Deeplinkshttps://www.eff.org/es/rss/updates.xml/mandatory-data-retention
EFF's Deeplinks Blog: Noteworthy news from around the internetesData Brokers: Don’t Let Your Data be Used For Human Rights Abuseshttps://www.eff.org/es/deeplinks/2017/02/data-brokers-dont-let-your-data-be-used-human-rights-abuses
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>EFF, Amnesty International, Color of Change, the Center for Democracy and Technology, and our other coalition partners are urging data brokers to take a stand against government surveillance and discrimination based on religion, national origin, and immigration status.</p>
<p>As explained in a joint statement released today, data brokers collect and analyze huge amounts of personal data that could easily be used to identify and profile and track people in violation of their basic human rights.</p>
<p>EFF and our allies are calling on data brokers to disclose whether they’ve received government requests for their data, and to make the following pledge:</p>
<blockquote><p>We will not allow our data, or services, to be purchased or otherwise used in ways that could lead to violations of the human rights of Muslims or immigrants in the United States. If we cannot guarantee that our data, or services, will not ultimately be used for such purposes, we will refuse to provide them.</p></blockquote>
<p>You can read the full statement <a href="https://www.eff.org/files/2017/02/27/amr5157842017english_0.pdf">here</a>.</p>
<p>If you’re in California, you can take action to protect your friends, coworkers, and neighbors. California state Sen. Ricardo Lara has introduced a bill that would prevent California from sharing state and local government data with the federal government, when that data could be used to create lists, registries, or databases based on people's religion, national origin, or ethnicity. <a href="https://action.eff.org/o/9042/p/dia/action3/common/public/?action_KEY=10444">Take action now and show your support for S.B. 31</a>.</p>
</div></div></div>Mon, 27 Feb 2017 17:32:41 +0000kerry.sheehan95080 at https://www.eff.orgPrivacyMandatory Data RetentionSurveillance TechnologiesVigilancia de Estado & Derechos HumanosSocial NetworksOnline Behavioral TrackingLa triste historia del Perú con la vigilancia, y cómo solucionarlahttps://www.eff.org/es/deeplinks/2016/10/la-triste-historia-del-peru-con-la-vigilancia-y-como-solucionarla
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p align="justify"><img src="/files/2016/10/28/fpg-latamsurveillancespanishreport.png" alt="" height="270" width="650" /></p>
<p><em>Este post forma parte de la serie "<a href="https://necessaryandproportionate.org/es/americas-reports">Ojos que no parpadean: El Estado de la Vigilancia de las comunicaciones en América Latina</a>", un proyecto elaborado en colaboración con organizaciones de Derechos Digitales en América Latina, que documenta y analiza las leyes y prácticas de vigilancia en doce países: Argentina, Brasil, Chile, Colombia, el Salvador, Guatemala, Honduras, Perú, México, Nicaragua, Paraguay y Uruguay. Además de los informes de cada país, la EFF produjo <a href="https://necessaryandproportionate.org/es/an%C3%A1lisis-comparado-de-las-leyes-y-pr%C3%A1cticas-de-vigilancia-en-latinoam%C3%A9rica">un análisis jurídico comparativo</a> de las leyes de vigilancia en esos doce países, así como <a href="https://necessaryandproportionate.org/es/an%C3%A1lisis-jur%C3%ADdico-inter-americano">un análisis jurídico</a> a nivel regional de los 13 Principios “Necesario y Proporcional” escrito junto con <span><a href="https://www.derechosdigitales.org/">Derechos Digitales</a></span>, y <a href="https://necessaryandproportionate.org/es/americas-reports/quienes-pueden-vigilarnos">un mapa interactivo</a> que resume nuestros hallazgos.</em></p>
<p>En Perú, un mecanismo de control débil de la vigilancia hizo caer a un primer ministro. En 2015 la revista peruana, <em><span><a href="http://elcomercio.pe/politica/gobierno/dini-esta-lista-politicos-y-empresarios-rastreados-noticia-1798654?ref=nota_politica&amp;ft=contenido"><span class="western">Corr</span><span class="western">e</span><span class="western">o Semanal</span></a></span></em>, alegó que la Dirección de Inteligencia Nacional del Perú (DINI) había espiado ilegalmente a periodistas, empresarios, legisladores, políticos y miembros de las fuerzas armadas y sus familias. La DINI <a href="http://larepublica.pe/20-03-2015/tres-miembros-de-la-dini-rastreaban-informacion-sobre-politicos-y-empresarios">accedió supuestamente a información almacenada</a> en el registro nacional de las propiedades del Perú, y almacenó esta información en expediente de cientos de personas.</p>
<p>La entonces Primer Ministro de Perú, Ana Jara, que era la responsable de supervisar la DINI en ese momento, argumentó que la dirección simplemente “Copio la información contenida en los archivos públicos y no violó el secreto fiscal o la intimidad personal." A pesar de ello, la Sra Jara le pidió a la Oficina del Fiscal investigar la situación de los actos delictivos y despidió al director del organismo, su jefe de contra-inteligencia, y su jefe de inteligencia nacional.</p>
<p><a href="http://larepublica.pe/20-03-2015/tres-miembros-de-la-dini-rastreaban-informacion-sobre-politicos-y-empresarios">El Congreso estimó</a> que la primer ministro era culpable. Debido al contexto político del momento – con las próximas elecciones presidenciales y congresales a un año de distancia – un congresista peruano argumentó que era "evidente que el verdadero objetivo [de la recogida de datos de la DINI] era filtrar información a la prensa con el fin de "eliminar" los contendientes dominantes [para las próximas elecciones].” El entonces presidente Ollanta Humala tuvo que seleccionar un nuevo primer ministro y gabinete después de que la Sra. Jara se vio obligada a renunciar.</p>
<p>El Presidente Humala hizo poco para atender a la advertencia de Congreso sobre la vigilancia sin control de los que detentaban el poder. A sólo cuatro meses después de la renuncia de Jara, el presidente promulgó el Decreto Legislativo Nº 1182, denominada "<span><a href="https://www.eff.org/deeplinks/2015/08/stalker-law-or-how-did-government-legalized-mass-surveillance-innocent-peruvians" class="western">Ley Stalker",</a></span> que obliga a los proveedores de telecomunicaciones a conservar los datos de comunicaciones de sus usuarios durante tres años. En pocas palabras, el decreto cambió las prácticas de vigilancia basadas en la sospecha individualizada a la sospecha masiva, la recogida no selectiva de las comunicaciones de toda una población. La Ley Stalker también permite el acceso a los datos de localización sin orden judicial en los casos de delitos flagrantes.</p>
<p>La Ley Stalker y la DINI son sólo parte del mosaico frente a la escasa supervisión en la vigilancia en el Perú. Puede investigar más acerca de que la historia de aquellos que lo vivieron, en nuestro video a continuación.</p>
<div class="mytube" style="width: 560px;">
<div class="mytubetrigger" tabIndex="0">
<img width="560" height="420" class="mytubethumb" alt="mytubethumb" src="https://www.eff.org/files/mytube/yt_RV17t76dfFw.jpg" style="margin: -52.5px 0" />
<img src="https://www.eff.org/sites/all/modules/contrib/mytube/play.png" class="mytubeplay" alt="play" style="top: 127.5px; left: 250px;" />
<div class="mytubeembedcode">%3Ciframe%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2FRV17t76dfFw%3Fautoplay%3D1%22%20allowfullscreen%3D%22%22%20height%3D%22315%22%20frameborder%3D%220%22%20width%3D%22560%22%3E%3C%2Fiframe%3E</div>
</div><!--mytubetrigger-->
<div class="mytubetext">
<a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube-nocookie.com/embed/RV17t76dfFw">youtube-nocookie.com</a></em><br /> </div>
</div>
<p>
Para aprender cómo solucionar estos problemas, el Estado necesita conocer a profundidad cómo funciona su sistema actual y lo que hay que hacer para solucionarlo.</p>
<h2>Vigilancia en el Perú de hoy</h2>
<p>La "<a href="https://necessaryandproportionate.org/country-reports/peru">Vigilancia de Comunicaciones del Estado y la protección de los derechos fundamentales en el Perú</a>", por Miguel Morachimo, director de la ONG peruana Hiperderecho, forma parte del proyecto "Ojos que no parpadean: El estado de la vigilancia en América Latina." El informe referido a Perú analiza las leyes de vigilancia en el Perú y ofrece recomendaciones. Estas son algunas de sus principales conclusiones:</p>
<ul><li><strong>Sobre la cultura del secreto del Perú</strong>: En octubre de 2015, Hiperderecho presentó una petición de libertad de información para conocer las regulaciones que controlan la colaboración entre el sector privado y el gobierno. Esencialmente la ONG estaba buscando el documento que permite la Ley de Stalker funcione. la solicitud de Hiperderecho fue denegada; el gobierno ha mantenido este protocolo en secreto para el público, categorizándolo como "información reservada".</li>
<li><strong>Sobre la privacidad de la ubicación</strong>: Perú requiere una autorización judicial para cada interceptación de comunicaciones privadas, y los tribunales han interpretado este requisito de una forma que se aplica ampliamente. Sin embargo, el Decreto Legislativo Nº 1182 otorga a la Policía Nacional el acceso sin orden judicial a los datos de localización en tiempo real, sin una orden judicial, en los casos de delitos flagrantes. Hiperderecho argumentó que, en tales casos, una autorización judicial previa a la investigación siempre debe ser un requisito constitucional. Un sistema como el descrito en el Decreto Legislativo Nº 1182 representa un retroceso a las garantías del derecho a la privacidad de todos los peruanos. La falta de una fuerte protección legal para la privacidad de la ubicación del Perú debe cambiar.</li>
<li><strong>En Notificación del usuario</strong>: Las leyes de Perú requieren que cualquier persona afectada por la vigilancia sea notificada. Sin embargo, la notificación sólo se produce después que una investigación se cierra. Perú permite al usuario buscar un nuevo examen judicial de la orden de vigilancia. Exigir a las empresas de telecomunicaciones y proveedores de Internet para almacenar los datos de toda una población es de por sí una medida desproporcionada. Para colmo de males, las garantías para el tipo de datos que deben conservarse no están claramente definidas por la ley. Perú debe derogar el Decreto Legislativo Nº 1182, y reconsiderar la necesidad de atar evidencia a un lugar o personas con el fin de autorizar a cualquier medida de vigilancia.</li>
<li><strong>S</strong><strong>obre la Ley versus la Práctica</strong>: Es necesario que la legislación que se aplica a las actividades de inteligencia sea clara y detallada con el fin de establecer un límite en cuanto al alcance de las actividades y tareas de inteligencia. Las regulaciones deben especificar cuáles son las actividades de recolección de inteligencia e indicar el período de tiempo en el que la información recogida será destruida, o los criterios en virtud de los cuales esta será compartida con otras instituciones o estados extranjeros. Perú debe asegurarse de que ninguna de las normas escritas se traduzcan en práctica constante y que cualquier violación de la ley sea descubierto y remediado.</li>
<li><strong>Sobre la Supervisión Pública</strong>: Por último, es necesario que la Comisión de Inteligencia del Congreso tenga más autonomía. Esta comisión es el órgano independiente con mayor capacidad para controlar el trabajo de inteligencia. Sin embargo, poco se sabe acerca de su trabajo, ya que sus reuniones y decisiones son confidenciales. Por lo tanto, obligaciones de transparencia podrían ser impuestas a la comisión sin debilitar sus funciones, que se inform sobre el número de veces que sus miembros o jueces especiales ha sido citados y el número de procedimientos especiales que se han conducido para la recolección de información. Estos informes deben estar disponibles al público a efectos de auditoría.</li>
</ul><p>En general, Miguel Morachimo de Hiperderecho esta preocupado con la falta de transparencia y rendición de cuentas del sistema de inteligencia:</p>
<blockquote><p>Pocas cosas se pueden decir con certeza acerca de cómo reformar nuestro sistema de inteligencia nacional, sobre todo porque nadie sabe realmente cómo el sistema ha estado trabajando durante los últimos diez años. Este es precisamente lo primero que hay que solucionar. El gobierno nacional debería ser más transparente sobre el alcance de su trabajo de inteligencia, el número de solicitudes de datos que hace, y el tipo de información que obtiene de los peruanos a través de los canales de inteligencia. No se trata de avisar nada a los chicos malos, se trata de permitir el acceso del público a información estadística anónima sobre sus operaciones con el fin de asegurarse de que los que están en el poder están debidamente supervisados y rinden cuentas.</p></blockquote>
<p>Los políticos peruanos ya han visto las consecuencias de la vigilancia se les sale de las manos; pero parece que la tentación de otorgar mayores poderes sin supervisión permanece. Al igual que con todos los países de nuestros informes, los políticos y los jueces de Perú deben entender que sin límites cuidadosos, los grandes poderes de vigilancia masiva pueden, en última instancia, socavar la seguridad de sus propias posiciones, y los derechos humanos de la población de Perú.</p>
<p align="justify"> </p>
</div></div></div>Mon, 31 Oct 2016 23:28:38 +0000kim93677 at https://www.eff.orgMandatory Data RetentionVigilancia de Estado & Derechos HumanosPeru’s Unhappy History with Surveillance, and How To Fix Ithttps://www.eff.org/es/node/93591
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p align="justify"><a href="https://necessaryandproportionate.org/americas-reports"><em><span><img src="/files/2016/10/24/og-latamsurveillanceenglishreport.png" alt="" width="650" height="325" /></span></em></a></p>
<p align="justify"><em><span>This post is part of the series </span><span>“<a href="https://necessaryandproportionate.org/americas-reports">Unblinking Eyes: The State of Communications Surveillance in Latin America</a>,” a </span><span>collaborative </span><span>project </span><span>conducted </span><span>with</span><span> digital rights partners in Latin America, </span><span>which</span><span> documents and </span><span>analyze</span><span>s</span><span> surveillance laws and practices in twelve countries: Argentina, Brazil, Chile, Colombia, El Salvador, Guatemala, Honduras, Peru, Mexico, Nicaragua, Paraguay, and Uruguay. In addition to </span><span>the </span><span>individual country reports, EFF produced a </span><span><a href="https://necessaryandproportionate.org/comparative-analysis-surveillance-laws-and-practices-latin-america">comparative legal analysis</a> of </span><span>the </span><span>surveillance laws in those twelve countries</span><span>, </span><span>as well as </span><span>a </span><span>regional <a href="https://necessaryandproportionate.org/americas-legal-analysis" class="western">l</a></span><span><a href="https://necessaryandproportionate.org/americas-legal-analysis" class="western">egal analysis</a> of the 13 Necessary and Proportionate Principles </span><span>written</span><span> with <a href="https://www.derechosdigitales.org/">Derechos Digitales</a></span><span>, </span><span>and an </span><a href="https://necessaryandproportionate.org/americas-reports/who-can-spy-on-us"><span>interactive map</span></a><span> that summarizes</span><span> our findings.</span></em></p>
<p align="justify"><span>In Peru, weak surveillance oversight brought down a prime minister. </span><span>In 2015 </span><span>the </span><span>Peruvian magazine, <a href="http://elcomercio.pe/politica/gobierno/dini-esta-lista-politicos-y-empresarios-rastreados-noticia-1798654?ref=nota_politica&amp;ft=contenido"><span class="western">Corr</span><span class="western">e</span><span class="western">o Semanal</span></a>, </span><span>alleged</span><span> that Peru's National Intelligence Directorate (DINI) </span><span>had illegally spied</span><span> on journalists, businessmen, policy makers, politicians, and members of the military and their families. </span><span>The DINI <a href="http://larepublica.pe/20-03-2015/tres-miembros-de-la-dini-rastreaban-informacion-sobre-politicos-y-empresarios" class="western">purportedly accessed information</a> stored in Peru's national registry of properties.</span></p>
<p align="justify"><span>The then Peruvian prime minister, Ana Jara, who was responsible for overseeing the DINI at the time, argued that the directorate was simply “copying information contained in public files and not violating tax secrecy or personal privacy.” Even so, Ms. Jara asked the Prosecutor's Office to investigate the situation for criminal wrongdoing and fired the agency's director, its' counter-intelligence chief, and its' national intelligence chief. </span></p>
<p align="justify"><a href="http://larepublica.pe/20-03-2015/tres-miembros-de-la-dini-rastreaban-informacion-sobre-politicos-y-empresarios"><span class="western"><span>Congress </span></span><span class="western"><span>felt</span></span></a><span><span class="western"> </span>the p</span><span>rime minister was </span><span>to</span><span> blame. </span><span>D</span><span>ue to the political context </span><span>at the time—</span><span>for </span><span>the </span><span>upcoming</span><span> p</span><span>residential and congressional </span><span>elections </span><span>were </span><span>only </span><span>a year </span><span>away—</span><span>a </span><span>Peruvian congressman argued that </span><span>it was “</span><span>obvious </span><span>that </span><span>the real goal </span><span>[of the DINI's data collection] was</span><span> to filter </span><span>information to</span><span> the press </span><span>in order</span><span> to </span><span>'</span><span>eliminate</span><span>'</span><span> the ruling contenders </span><span>[for the upcoming elections]</span><span>.” </span><span> Then-President Ollanta Humala was left to select a new prime minister and cabinet after Ms. Jara was forced to step down.</span></p>
<p align="justify"><span>President Humala did little to heed Congress's warning about unchecked surveillance of those in power. </span><span>J</span><span>ust four months after Jara was ousted, the president enacted Legislative Decree Nº 1182, </span><span>dubbed</span><span> “<a href="https://www.eff.org/deeplinks/2015/08/stalker-law-or-how-did-government-legalized-mass-surveillance-innocent-peruvians" class="western">Ley Stalker,</a>”</span><span> which </span><span>forces </span><span>telecommunications providers to retain communications data of their users for three years. </span><span>Simply put</span><span>, </span><span>the decree</span><span> shift</span><span>ed surveillance </span><span>practices based on </span><span>individualized suspicion to </span><span>the </span><span>mass, untargeted collection of communications of </span><span>an entire population. </span><span></span><span>Ley Stalker also allows warrantless access to location data in case</span><span>s</span><span> of blatant crimes. </span><span></span></p>
<p align="justify"><span>Ley Stalker and the DINI are just part of a continuing patchwork of poor surveillance oversight and alleged misuse by the executive in Peru. You can hear more about that history from those who experienced it, in our video below.</span></p>
<div class="mytube" style="width: 560px;">
<div class="mytubetrigger" tabIndex="0">
<img width="560" height="420" class="mytubethumb" alt="mytubethumb" src="https://www.eff.org/files/mytube/yt_RV17t76dfFw.jpg" style="margin: -52.5px 0" />
<img src="https://www.eff.org/sites/all/modules/contrib/mytube/play.png" class="mytubeplay" alt="play" style="top: 127.5px; left: 250px;" />
<div class="mytubeembedcode">%3Ciframe%20src%3D%22https%3A%2F%2Fwww.youtube-nocookie.com%2Fembed%2FRV17t76dfFw%3Fautoplay%3D1%22%20allowfullscreen%3D%22%22%20width%3D%22560%22%20height%3D%22315%22%20frameborder%3D%220%22%3E%3C%2Fiframe%3E</div>
</div><!--mytubetrigger-->
<div class="mytubetext">
<a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="https://www.youtube-nocookie.com/embed/RV17t76dfFw">youtube-nocookie.com</a></em><br /> </div>
</div>
<p>
<span>To learn how to fix these problems, Peru’s leaders need to understand how their current system works</span>—and what needs to be done to fix it.</p>
<h2 align="justify"><span>Surveillance in Peru Today</span></h2>
<p><span>The “</span><span><a href="https://necessaryandproportionate.org/country-reports/peru">State Communications Surveillance and the Protection of Fundamental Rights in Peru</a>,” by</span><span> Miguel Morachimo, </span><span>director</span><span> of the Peruvian NGO </span><span><a href="http://www.hiperderecho.org/">Hiperderecho</a>, </span><span>is part of the project </span><span><em>“<a href="https://necessaryandproportionate.org/americas-reports">Unblinking Eyes: The State of Communications Surveillance in Latin America</a>.” </em></span><span>The Peru report analyzes surveillance law in Peru and provides recommendations. </span><span>Here are </span><span>some of </span><span>its </span><span>main</span><span> findings:</span></p>
<ul><li><span><strong>On Peru's </strong><strong>Culture of Secrecy</strong>: In October 2015, Hiperderecho filed a freedom of information request to obtain the regulations that control the collaboration between the private sector and the government. Essentially the NGO was seeking the document that allows Ley Stalker to function. Hiperderecho's request was denied; the government has kept this protocol secret from the public, categorizing it as “reserved information.” </span></li>
<li><span><strong>On Location Privacy</strong>: Peru requires a judicial authorization for every interception of private communications, and courts have interpreted this requirement so that it is applied broadly. However, Legislative Decree </span><span><span>Nº</span> 1182 grants the National Police warrantless access to location data in real time, without a court order, in cases of blatant crimes. Hiperderecho argued that in such cases, a judicial authorization prior to the investigation should always be a constitutional requirement. The system like the one described in Legislative Decree </span><span><span>Nº </span>1182 represents a shortfall in the guarantees of the right to privacy of all Peruvians. Peru's lack of strong legal protection for location privacy must change.</span></li>
<li><span><strong>On User Notification</strong>: Laws in Peru require that anyone affected by surveillance be notified. However, notification only occurs after an investigation closes. Peru allows the user to seek judicial re-examination of the surveillance order. </span></li>
<li><span><strong>On Mandatory Data Retention</strong>: Requiring telecommunications companies and ISP's to store data of an entire population is inherently a disproportionate measure. Adding insult to injury, the safeguards for the type of data to be retained are not clearly defined by law. Peru should repeal Legislative Decree </span><span><span>Nº </span>1182, and reconsider the need to tie evidence to a place or persons in order to authorize any surveillance measure.</span></li>
<li><span><strong>On Law vs. Practice:</strong> It is necessary for the legislation that applies to intelligence activities to be clear and detailed in order to establish a limit to the scope of intelligence activities and tasks. Regulations must specify what the intelligence collection activities are, and indicate the time period in which the collected information shall be destroyed, or the criteria under which it shall be shared with other institutions or foreign states. Peru must ensure that any written norms are translated into consistent practice and that any failure to uphold the law is discovered and remedied. </span></li>
<li><span><strong>On Public Oversight</strong>: Finally, it is necessary for Congress's Intelligence Commission to have more autonomy. This commission is the independent body with the greatest capability to control intelligence work. Nonetheless, little is known about its work, since the meetings and decisions are confidential. Thus, transparency obligations could be imposed on the commission without weakening its functions, so that it reports on the number of times its members or special judges are summoned and on the number of special procedures that have been conducted for information collection. These reports should be available to the public for auditing purposes.</span></li>
</ul><p><span>Overall, Miguel Morachimo of Hiperderecho is concerned with the lack of transparency and accountability of the intelligence system:</span></p>
<blockquote><p>Few things can be said with certainty about how to reform our national intelligence system mainly because no one really knows how the system has been working over the past ten years. This is precisely the first thing to fix. The national government should be more transparent about the scope of their intelligence work, the number of data requests it makes, and the kinds of information it obtains from Peruvians through intelligence channels. This isn't about tipping off the bad guys, this is about allowing the public access to anonymized statistical information about their operations in order to ensure that those in power are properly overseen and held accountable.</p></blockquote>
<p align="justify"><span>Peruvian politicians have already seen the consequences when surveillance grows out of hand; but it seems the temptation to grant greater powers without oversight remains. As with every country in our reports, the politicians and judges of Peru should understand that without careful limits, broad mass monitoring powers will ultimately undermine the safety of their own positions, and the human rights of the people of Peru.</span></p>
<p align="justify"> </p>
</div></div></div>Mon, 24 Oct 2016 20:53:22 +0000kim93591 at https://www.eff.orgMandatory Data RetentionVigilancia de Estado & Derechos HumanosThe Global Ambitions of Pakistan's New Cyber-Crime Acthttps://www.eff.org/es/deeplinks/2016/08/global-ambitions-pakistans-new-cyber-crime-act
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Despite near universal condemnation from Pakistan's tech experts; despite the efforts of a <a href="http://digitalrightsfoundation.pk/2016pecbconsultation/">determined coalition</a> of activists, and despite numerous attempts by <a href="http://bolobhi.org/summary-senate-standing-committee-on-its-subcommittee-meetings-on-pecb/">alarmed politicians</a> to patch its many flaws, Pakistan's <a href="http://digitalrightsfoundation.pk/wp-content/uploads/2016/08/PECB2016.pdf">Prevention of Electronic Crimes Bill (PECB)</a> last week passed into law. Its passage ends an eighteen month long battle between Pakistan's government, who saw the bill as a flagship element of their anti-terrorism agenda, and <a href="https://content.bytesforall.pk/node/196">the technologists and civil liberties groups</a> who slammed the bill as an incoherent mix of anti-speech, anti-privacy and anti-Internet provisions.</p>
<p>But the PECB isn't just a tragedy for <a href="http://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=16879&amp;LangID=E">free expression</a> and <a href="https://www.privacyinternational.org/node/881">privacy </a>within Pakistan. Its broad reach has wider consequences for Pakistan nationals abroad, and international criminal law as it applies to the<br />
Net.</p>
<p>The new law creates broad crimes related to "cyber-terrorism" and its "glorification" online. It gives the authorities the opportunity to threaten, target and censor unpopular online speech in ways that go far beyond international standards or Pakistan's own free speech protections for offline media. Personal digital data will be collected and made available to the authorities without a warrant: the products of these data retention programs can then be handed to foreign powers without oversight.</p>
<p>PECB is generous to foreign intelligence agencies. It is far less tolerant of other foreigners, or of Pakistani nationals living abroad. Technologists and online speakers outside Pakistan should pay attention to the first clause of <a href="http://digitalrightsfoundation.pk/wp-content/uploads/2016/08/PECB2016.pdf">the new law</a>:</p>
<blockquote><ol><li>This Act may be called the Prevention of Electronic Crimes Act, 2016.</li>
<li>It extends to the whole of Pakistan.</li>
<li>It shall apply to every citizen of Pakistan <em>wherever he may be</em> and also to every other person for the time being in Pakistan.</li>
<li>It shall also apply to <em>any act committed outside Pakistan</em> by any person if the act constitutes an offence under this Act and affects a person, property, information system or data location in Pakistan.</li>
</ol></blockquote>
<p><a href="https://www.eff.org/issues/cfaa">Poorly-written cyber-crime laws</a> criminalize these everyday and innocent actions by technology users, and the PECB is no exception. It criminalizes the violation of terms of service in some cases, and ramps up the penalties for many actions that would be seen as harmless or positive acts in the non-digital world, including unauthorized copying and access. Security researchers and consumers frequently conduct "unauthorized" acts of access and copying for legitimate and lawful reasons. They do it to exercise of their right of fair use, to exposing wrongdoing in government, or to protect the safety and privacy of the public. Violating website terms of service may be a violation of your agreement with that site, but no nation should turn those violations into felonies.</p>
<p>The PECB asserts an international jurisdiction for these new crimes. It says that if you are a Pakistan national abroad (over 8.5 million people, or 4% of Pakistan's total population) you too can be prosecuted for violating its vague statutes. And if a Pakistan court determines that you have violated one of the prohibitions listed in the PECB in such a way that it affects any Pakistani national, you can find yourself prosecuted in the Pakistan courts, no matter where you live.</p>
<p>Pakistan isn't alone in making such broad claims of jurisdiction. Some countries claim the power to prosecute a narrow set of serious crimes committed against their citizens abroad under <a href="https://www.asil.org/sites/default/files/benchbook/jurisdiction.pdf">international law's</a> "passive personality principle" (the U.S. does so in some of its anti-terrorism laws). Other countries claim jurisdiction over the actions of its own nationals abroad under the "active personality principle" (for instance, in cases of treason.)</p>
<p>But Pakistan's cyber-crime law asserts both principles simultaneously, and explicitly applies them to all cyber-crime, both major and minor, defined in PECB. That includes creating "a sense of insecurity in the [Pakistani] government" (Ch.2, 10), offering services to change a computer's MAC address (Ch.2, 16), or building tools that let you listen to licensed radio spectrum (Ch.2, 13 and 17).</p>
<p>The universal application of such arbitrary laws could have practical consequences for the thousands of overseas Pakistanis working in the IT and infosecurity industries, as well for those in the Pakistan diaspora who wish to publicly critique Pakistani policies. It also continues the global jurisdictional trainwreck that surrounds digital issues, where every country demands that its laws apply and must be enforced across a borderless Internet.</p>
<p>Applying what has been described as <a href="https://www.eff.org/deeplinks/2015/11/deeper-look-inside-pecb-pakistans-terrible-cyber-crime-bill">"the worst piece of cyber-crime legislation in the world"</a> <em>to</em> the world is a bold ambition, and the current Pakistani government's reach may well have exceeded its grasp, both under international law and its own constitutional limits. The broad coalition who fought PECB in the legislature will now <a href="http://arstechnica.co.uk/tech-policy/2016/08/pakistan-cyber-law-faces-legal-challenge/">seek to challenge it in the courts</a>.</p>
<p>But until they win, Pakistan has overlaid yet another layer of vague and incompatible crimes over the Internet, and its own far-flung citizenry.</p>
</div></div></div>Thu, 18 Aug 2016 22:13:12 +0000danny92689 at https://www.eff.orgLegislative AnalysisCoders' Rights ProjectInternationalMandatory Data RetentionRussia Asks For The Impossible With Its New Surveillance Lawshttps://www.eff.org/es/deeplinks/2016/07/russia-asks-impossible-its-new-surveillance-laws
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>It’s been a rough month for Internet freedom in Russia. After it breezed through the Duma, President Putin signed the “Yarovaya package" into law—a set of radical “anti-terrorism” provisions drafted by ultra-conservative United Russia politician Irina Yarovaya, together with a set of instructions on how to implement the new rules. Russia’s new surveillance laws include some of Bad Internet Legislation’s greatest hits, such as mandatory data retention and government backdoors for encrypted communications—policies that EFF has opposed in every country where they’ve been proposed.</p>
<p>As if that wasn’t scary enough, under the revisions to the criminal code, Russians can now be prosecuted for “<a href="https://meduza.io/en/feature/2016/06/24/russia-s-state-duma-just-approved-some-of-the-most-repressive-laws-in-post-soviet-history">failing to report a crime</a>.” Citizens now risk a year in jail for simply <i>not</i> telling the police about suspicions they might have about future terrorist acts.</p>
<p>But some of the greatest confusion has come from Internet service providers and other telecommunication companies. These organizations now face impossible demands from the Russian state. Now they can be <a href="https://www.hrw.org/news/2016/07/12/russia-big-brother-law-harms-security-rights">ordered to</a> retain every byte of data that they transmit, including video, telephone calls, text messages, web traffic, and email for six months—a daunting and expensive task that requires the kind of storage capacity that’s usually associated with NSA data centers in Utah. Government access to this data no longer requires a warrant. Carriers must keep all metadata for three years; ISPs one year. Finally, any online service (including social networks, email, or messaging services) that uses encrypted data is now required to permit the Federal Security Service (FSB) to access and read their services’ encrypted communications, including providing any encryption keys.</p>
<p>Opposition to the Yarovaya package has come from many quarters. Technical experts have been united in opposing the law. Russia’s government Internet ombudsman opposed the bill. Putin’s own human rights head, <a href="http://www.voanews.com/content/russian-rights-activists-denounce-counterrorist-legislation/3400516.html">Mikhail Fedotov</a>, called upon the Senators of Russia’s Federal Council to reject the bill. ISPs have pointed out that compliance would <a href="http://translate.google.com/translate?hl=en&amp;sl=auto&amp;tl=en&amp;u=http%3A%2F%2Fwww.vedomosti.ru%2Fopinion%2Farticles%2F2016%2F06%2F29%2F647156-prava-grazhdan&amp;sandbox=1">cost them</a> <a href="http://translate.google.com/translate?u=https%3A%2F%2Fwww.vedomosti.ru%2Fopinion%2Fblogs%2F2016%2F06%2F24%2F646601-mozhet-bit&amp;hl=en&amp;langpair=auto%7Cen&amp;tbb=1&amp;ie=UTF-8">trillions of rubles</a>.</p>
<p>But now the law is here, and in force. Putin has asked for a list of services that must hand over their keys. ISPs have begun to consider how to store an impossibly large amount of data. Service providers are required to consider how to either break unbreakable encryption or include backdoors for the Russian authorities.</p>
<p>It is clear that foreign services will not be spared. Last week, the VPN provider, Private Internet Access (PIA), announced that <a href="https://www.privateinternetaccess.com/forum/discussion/21779/we-are-removing-our-russian-presence">they believed their Russian servers had been seized by the Russian authorities</a>. PIA says they do not keep logs, so they could not comply with the demand, but they have now discontinued their Russian gateways and “will no longer be doing business in the region.”</p>
<p>Russia’s ISPs, messaging services, and social media platforms have no such choice: because they cannot reasonably comply with all the demands of the Yarovaya package, they become de facto criminals whatever their actions. And that, in turn, gives the Russian state the leverage to extract from them any other concession it desires. The impossibility of full compliance is not a bug—it’s an essential feature.</p>
<p>Russia is not the only nation whose lawmakers and politicians are heading in this direction, especially when it comes to requiring backdoors for encrypted communications. Time and time again, technologists and civil liberties groups have warned the United States, <a href="http://fortune.com/2016/01/13/france-encryption/">France</a>, <a href="https://nakedsecurity.sophos.com/2016/01/06/netherlands-opposes-backdoors-but-encryption-still-under-assault/">Holland</a>, and a <a href="https://www.eff.org/deeplinks/2015/06/un-special-rapporteur-calls-upon-states-protect-encryption-and-anonymity-online">host of other nations</a> that the anti-encryption laws they propose cannot be obeyed without rewriting the laws of mathematics. Politicians have often responded by effectively telling the Internet’s experts “don’t worry, you’ll <a href="http://arstechnica.com/tech-policy/2015/12/hillary-clinton-wants-manhattan-like-project-to-break-encryption/">work out a way</a>.” Let us be clear: government backdoors in encrypted communications make us all less safe, no matter which country is holding the keys.</p>
<p>Technologists have sometimes believed that technical impossibility means that the laws are simply unworkable – that a law that cannot be obeyed is no worse than no law at all. As Russia shows, regulations that no one can comply with aren’t dead-letter laws. Instead, they corrode the rule of law, leaving a rusting wreckage of partial compliance that can be exploited by powers who will use their enforcement powers for darker and more partial ends than justice.</p>
<p>Russians concerned with the fall of Internet freedom, including the Society for the Protection of the Internet (IPI), have planned a <a href="https://www.facebook.com/events/1764553853760156/">protest</a> in cities across the country on July 26. EFF will continue to follow the situation closely as it develops.</p>
</div></div></div>Tue, 19 Jul 2016 18:36:06 +0000kim92388 at https://www.eff.orgMandatory Data RetentionSecurityPakistan's Senate Gets Smart About Terrible Cyber-Crime Billhttps://www.eff.org/es/deeplinks/2016/05/pakistans-senate-gets-smart-about-terrible-cyber-crime-bill
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Over the last few months, Pakistan's Internet community has been fighting to stop the passage of one of the world's worst cyber-crime proposals: the Prevention of Electronic Crimes Bill (PECB). Thanks in part to the <a href="https://act.eff.org/action/stop-pecb-pakistan-s-terrible-cybercrime-bill">hundreds of messages sent to Pakistan's senators</a>, they secured a major victory this week—public assurances from key members of Pakistan's Senate that they will oppose the bill in its entirety. There's still work to be done, but it's a strong sign that public opposition is working.</p>
<p>As <a href="https://www.eff.org/deeplinks/2015/11/deeper-look-inside-pecb-pakistans-terrible-cyber-crime-bill">we've noted before</a>, the PECB is a hodge-podge of failed and poorly-drafted solutions to a motley assortment of Internet bugbears, from spam to hate speech to criminal hacking. It includes provisions that would create unaccountable censorship systems, criminalize ordinary Internet user behavior, and instigate universal data retention for Pakistan's Net users: data that will be shared with foreign governments without consent.</p>
<p>Despite the near-universal condemnation by the technical community, the PECB passed Pakistan's lower house in April 15 with only a dozen lawmakers present. Opponents feared that the government would be able to smuggle the law just as quickly through the Parliament's upper house, the Senate.</p>
<p><a href="http://bolobhi.org/">Bolo Bhi</a>, and the <a href="http://digitalrightsfoundation.pk/">Digital Rights Foundation</a> <a href="http://digitalrightsfoundation.pk/2016pecbconsultation/">held a meeting</a> Tuesday with Pakistani politicians to warn them of the consequences of the bill. It was a timely intervention: that very day, the bill's supporters tried to introduce it to the floor of the Senate for another rushed vote. Thankfully, at least some of the Senate has been listening to the concerns of technologists and civil liberties groups. Opposition politicians at the meeting <a href="//storify.com/DigitalRightsPK/senators-commit-not-to-pass-cyber-crime-bill-in">assured the organizers</a> that they understood the many problems with the bill, and had heard the calls from Internet users to stop the bill.</p>
<p>The Senators said they'd heed the calls for public consultations that the bills' drafters have ignored, and push not just for amendments, but for Pakistan's government to start from scratch with a brand new proposal. Senator Shahi Syed, who heads the Senate's IT committee, <a href="http://digitalrightsfoundation.pk/senatetostoppecb">expressed his confidence</a> that the house would not pass the PECB in its current form, and that a public hearing on the bill would allow the public to take part in the process.</p>
<p>It looks like the Pakistan government's attempt to rush the PECB through has hit a roadblock. But we need to keep the pressure on. If you're a citizen or resident of Pakistan, you can reach out to the Senate via Twitter using <a href="//act.eff.org/action/stop-pecb-pakistan-s-terrible-cybercrime-bill">our PECB action alert</a>. Tell them you support throwing out this ridiculous bill now.</p>
</div></div></div>Fri, 20 May 2016 21:00:48 +0000danny91736 at https://www.eff.orgCall To ActionInternationalMandatory Data RetentionLa Suprema Corte de México no frena la retención de datos, pero activistas llevarán el caso a Corte internacionalhttps://www.eff.org/es/deeplinks/2016/05/retencion-datos-mexico-suprema-corte-activistas-internacional
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>En una decisión decepcionante, la segunda sala de la Suprema Corte de Justicia de la Nación (SCJN) <a target="_blank" href="http://internacional.elpais.com/internacional/2016/05/05/mexico/1462419652_838421.html">rechazó la impugnación</a> a los mandatos de retención de datos establecidos por la Ley Federal de Telecomunicaciones (Ley Telecom o LFTR) y la carencia de salvaguardas legales. El amparo -un recurso a disposición de cualquier persona cuyos derechos han sido violados- fue interpuesto por la <a href="https://r3d.mx/">Red en Defensa de los Derechos Digitales (R3D.mx)</a>, ONG defensora de los derechos digitales que, en representación de activistas, estudiantes y periodistas argumentaron que los artículos 189 y 190 de la Ley Telecom violan el derecho a la privacidad de los ciudadanos mexicanos. Estos artículos obligan a las operadoras de telefonía e internet a retener en forma masiva los metadatos – e incluso la geolocalización precisa – de sus usuarios por un periodo de 24 meses.</p>
<p align="left">En un <a href="https://r3d.mx/2016/05/04/la-decision-de-la-segunda-sala-de-la-suprema-corte-pone-en-riesgo-la-privacidad-y-seguridad-de-toda-la-ciudadania-r3d-acudira-a-la-justicia-internacional/">comunicado</a>, nuestros colegas de R3D.mx, quienes presentaron el caso, manifestaron que la SCJN “ha desaprovechado una oportunidad histórica para sentar un precedente en favor de la privacidad y la seguridad de todas las personas usuarias de servicios de telecomunicaciones”.</p>
<p align="left">Sin embargo, mantienen las esperanzas de que en la decisión íntegra, que todavía no ha sido publicada, todavía se puedan establecer restricciones sobre cómo el <a target="_blank" href="https://www.eff.org/es/deeplinks/2016/04/la-suprema-corte-de-mexico-debe-proteger-el-derecho-la-privacidad">gobierno obtiene los datos</a>. Carlos Brito, director de incidencia de R3D.mx, comentó a EFF: </p>
<blockquote><p align="left">“[S]egún <a href="http://www.internet2.scjn.gob.mx/red2/comunicados/comunicado.asp?id=4301">el comunicado que ha difundido la propia Corte</a>, varios de nuestros argumentos a favor de controles democráticos para la vigilancia, lograron influir en la decisión final. Esta decisión final, no la podremos conocer hasta dentro de unas semanas cuando sea publicada”.</p>
</blockquote>
<p align="left">R3D reiteró la preocupación de esta decisión sigue permitiendo el acceso en tiempo real de los datos de ubicación por las fuerzas del orden sin supervisión o autorización judicial.</p>
<p align="left">Pero esta sentencia no termina aquí para aquellos que luchan contra la retención de datos o el acceso descontrolado del gobierno a los datos personales. Ahora que R3D y sus aliados han agotado todas las instancias de derecho interno, ellos anunciaron que entablarán una demanda al Estado Mexicano ante la Corte Interamericana de Derechos Humanos. Este nuevo litigio será extenso, pero con éxito, podrá sentar <a href="https://r3d.mx/2016/05/05/la-scjn-y-la-leytelecom-lo-malo-lo-bueno-lo-absurdo-y-lo-que-sigue/">un precedente positivo</a> no solo para México sino para toda la región. La Gran Sala del Tribunal de Justicia de la Unión Europea ya ha determinado que la retención de datos es una <i>“</i><em>interferencia de amplio alcance y particularmente grave de los derechos fundamentales”</em>; incluso con este revés, aguardamos que el sistema de derechos humanos del continente americano llegue a las mismas conclusiones.</p>
<p><em></em></p>
<p></p><div class="caption caption-center"><div class="caption-width-container"><div class="caption-inner"><img src="/files/2016/05/06/article_19_data_retention.jpg" alt="" title="Graphic made by Article 19 Mexico." height="616" width="550" /><p class="caption-text">Infografía de Artículo 19 México.</p></div></div></div>
<p></p>
</div></div></div>Sat, 07 May 2016 01:04:17 +0000davidbogado91579 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosMexico's Supreme Court Won’t Halt Data Retention: Activists Plan to Take Case to International Courthttps://www.eff.org/es/node/91578
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p align="left">In a disappointing decision, Mexico’s Supreme Court rejected a challenge to Mexico’s <a href="https://www.eff.org/deeplinks/2014/05/proposed-mexican-telecom-law-would-be-disaster-internet-freedom">Ley Telecom</a> data retention mandates and its lack of legal safeguards. The challenge, or <a href="https://en.wikipedia.org/wiki/Recurso_de_amparo">writ of amparo</a>—a remedy available to any person whose rights have been violated—was filed by R3D.mx on behalf of a coalition of journalists, human rights NGOs, students arguing that Articles 189 and 190 of Ley Telcom violate the privacy rights of Mexican citizens. The articles compel the country’s telephone operators and ISPs, to retain a massive amount of metadata — including the precise location of its users — for 24 months.</p>
<p align="left">In a statement, our colleagues at <a href="https://r3d.mx/">Red en Defensa de los Derechos Digitales (R3D.</a><a href="https://r3d.mx/">mx</a><a href="https://r3d.mx/">)</a>, who filed the case, declared that the court “missed an historic opportunity to establish a precedent for the privacy and safety of all users of telecommunications services.”</p>
<p align="left">They remain hopeful, however, that the full decision, which has not yet been published, might still put some constraints on how the <a target="_blank" href="https://www.eff.org/deeplinks/2016/04/mexican-supreme-court-should-reject-mass-surveillance">government obtains the data</a>. Carlos Brito, R3D’s Advocacy Director, told EFF:</p>
<blockquote><p align="left"> [A]ccording to the statement that the <a href="http://www.internet2.scjn.gob.mx/red2/comunicados/comunicado.asp?id=4301">Court </a><a href="http://www.internet2.scjn.gob.mx/red2/comunicados/comunicado.asp?id=4301">has published</a>, several of our arguments in favor of democratic controls for surveillance did influence their final decision, but we’ll only know for sure in a few weeks.</p>
</blockquote>
<p align="left">R3D remains most concerned that the ruling will still allow real-time access to location data by law enforcement without judicial oversight or a warrant.</p>
<p align="left">It’s not the end of the road for those fighting data retention or uncontrolled government access to personal data. Now that R3D.mx and their colleagues have exhausted potential challenges under domestic law, they intend to file a lawsuit against the Mexican State before the Inter-American Court of Human Rights. This new litigation will be lengthy, but if successful, it will set <a href="https://r3d.mx/2016/05/05/la-scjn-y-la-leytelecom-lo-malo-lo-bueno-lo-absurdo-y-lo-que-sigue/">a positive precedent</a> not only for Mexico but for the entire region. Europe’s highest courts have already determined that data retention is a “wide-ranging and particularly serious interference” with fundamental rights; even with this setback, we hope that the Americas’ human rights system will come to the same conclusions.</p>
</div></div></div>Sat, 07 May 2016 01:00:43 +0000davidbogado91578 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosMexican Supreme Court Should Reject Mass Surveillancehttps://www.eff.org/es/node/91257
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">The Supreme Court of Justice of Mexico (SCJN) is about to issue its decision on an injunction against a provision of the Federal Telecommunications Act (also known as Ley Telecom) that requires telephone companies and internet service providers to retain data about their users’ communications for a period of 24 months.</p>
<p dir="ltr">In September 2014, our colleagues at the digital rights NGO, <a href="https://r3d.mx/">Red en Defensa de los Derechos Digitales</a> (R3D.mx), filed an injunction against Articles 189 and 190 of the Ley Telecom after the National Human Rights Commission (CNDH) and the Federal Institute for Access to Public Information and Data Protection (INAI)—two offices with legal authority to file actions of unconstitutionality against the Ley Telecom—failed to do so. A court denied the injunction in<a href="http://aristeguinoticias.com/0408/mexico/la-corte-revisara-amparo-por-vigilancia-y-retencion-de-datos-a-usuarios-de-telecom/"> February 2015</a>, but R3D.mx filed a recourse of revision and received a favorable ruling by another court in August 2015. The case was then referred to the Mexican Supreme Court.</p>
<p dir="ltr">Telecommunications companies in Mexico are<a href="https://www.youtube.com/watch?v=2GvAzfq3vjo"> required to store</a> vast amounts of metadata, which violates the privacy of millions of Mexican citizens. The law requires that telecommunications companies retain the following:</p>
<blockquote><p dir="ltr">a) The user's name, business name, or corporate name and address;</p>
<p dir="ltr">b) The type of communication (voice transmission, voicemail, SMS), employed services (call forwarding and transfers), and messenger or multimedia services that have been used (including short messaging services and multimedia and advanced services);</p>
<p dir="ltr">c) Data about the origin and destination of mobile communications, including destination number and types of line service;</p>
<p dir="ltr">d) Data about the date, time, and duration of the communication;</p>
<p dir="ltr">e) The date and time of the first service activation and localization tag (Cell ID);</p>
<p dir="ltr">f) When appropriate, the identification and technical characteristics of the device, including international ID codes of the subscriber and the device manufacturer;</p>
<p dir="ltr">g) The geographical position of the lines</p>
</blockquote>
<p dir="ltr">EFF supports R3D.mx in their fight against mandatory data retention. Two years after the Telecom Law was reformed, the Mexican state has still not caught up to its international human rights obligations; mandatory data retention is an unnecessary and disproportionate measure that affects the privacy rights of millions of Mexicans. The Telecom law also allows warrantless access to the retained metadata, contrary to international human rights standards. Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.</p>
<p dir="ltr">In June 2015, EFF and R3D.mx released <a href="https://www.eff.org/deeplinks/2015/06/new-report-shows-which-mexican-isps-stand-their-users">"¿Quién Defiende Tus Datos?"</a>, a report based on EFF's annual<a href="https://www.eff.org/who-has-your-back-government-data-requests-2015"> "Who Has Your Back?" publication. </a>It evaluated the privacy practices of ISPs based in Mexico and found that the companies that millions of Mexicans use every day have very poor privacy practices when it comes to protecting the data of their users even when all of the evaluated companies, except for Megacable, have publicly advocated for user privacy in front of Mexico’s Congress and other regulatory bodies such as the Federal Institute of Telecommunications (IFT).</p>
<p dir="ltr">EFF, along with several other digital rights organizations, has signed onto a letter directed to the Mexican Supreme Court that promotes the right to privacy and urges the Court to outlaw mandatory data retention in Mexico. From the letter:</p>
<p dir="ltr">The Supreme Court has the historic opportunity to establish a precedent of privacy protection in Mexico and replicate the international trends on the issue. Conversely, if they validate the unchecked surveillance facilitated by the Telecommunications Law, the Supreme Court would send the extremely dangerous message that everything goes in the name of security – including those measures that, far from protecting it, would compromise it even more, especially in the context of the human rights crisis the country is facing</p>
<p dir="ltr">For more, <a href="https://r3d.mx/2016/04/14/la-scjn-debe-proteger-el-derecho-a-la-privacidad-ante-retencion-de-datos-y-vigilancia-sin-controles-en-leytelecom/">read the full text</a>.</p>
</div></div></div>Fri, 15 Apr 2016 17:45:27 +0000katitza91257 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionLa Suprema Corte de México debe rechazar la vigilancia masivahttps://www.eff.org/es/deeplinks/2016/04/la-suprema-corte-de-mexico-debe-proteger-el-derecho-la-privacidad
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>En México, la Segunda Sala de la Suprema Corte de Justicia de la Nación (SCJN) está a punto de resolver los juicios de amparo contra la disposición de la Ley Federal de Telecomunicaciones (also know as Ley Telecom) que obliga a las operadoras de telefonía y empresas proveedores de Internet a retener masiva e indiscriminadamente los datos de comunicaciones – e incluso geolocalización – de sus usuarios por un periodo de 24 meses.</p>
<p>Nuestros colegas de la <a href="https://r3d.mx/">Red en Defensa de los Derechos Digitales (R3D)</a> presentaron un amparo contra los artículos 189 y 190 de la Ley Telecom en septiembre de 2014, dada la inacción de la Comisión Nacional de Derechos Humanos (CNDH) y al Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI), organismos facultados para presentar acciones de inconstitucionalidad contra la mencionada ley. En <a href="http://aristeguinoticias.com/0408/mexico/la-corte-revisara-amparo-por-vigilancia-y-retencion-de-datos-a-usuarios-de-telecom/">febrero del 2015</a>, un juzgado especializado en competencia económica, radiodifusión y telecomunicaciones decidió no conceder el amparo, pero R3D.mx interpuso un recurso de revisión, que fue resuelto favorablemente por un tribunal en agosto del pasado año y se remitió el caso a la Suprema Corte mexicana.</p>
<p>Los concesionarios de telecomunicaciones en México están <a href="https://www.youtube.com/watch?v=2GvAzfq3vjo">obligados a conservar</a> una vasta cantidad de metadatos que suponen una grave injerencia estatal y una <a href="https://r3d.mx/2016/04/14/preguntas-frecuentes-sobre-la-inconstitucionalidad-de-los-articulos-189-y-190-de-la-leytelecom/">invasión a toda escala</a> a la privacidad en las comunicaciones de millones de ciudadanos mexicanos. Para muestra, basta un botón, con solo revisar el listado de datos obligados a conservar por ley:</p>
<blockquote><p><i>a) Nombre, denominación o razón social y domicilio del suscriptor; </i></p>
<p><i>b) Tipo de comunicación (transmisión de voz, buzón vocal, conferencia, datos), servicios suplementarios (incluidos el reenvío o transferencia de llamada) o servicios de mensajería o multimedia empleados (incluidos los servicios de mensajes cortos, servicios multimedia y avanzados); </i></p>
<p><i>c) Datos necesarios para rastrear e identificar el origen y destino de las comunicaciones de telefonía móvil: número de destino, modalidad de líneas con contrato o plan tarifario, como en la modalidad de líneas de prepago;</i></p>
<p><i>d) Datos necesarios para determinar la fecha, hora y duración de la comunicación, así como el servicio de mensajería o multimedia;</i></p>
<p><i>e) Además de los datos anteriores, se deberá conservar la fecha y hora de la primera activación del servicio y la etiqueta de localización (identificador de celda) desde la que se haya activado el servicio; </i></p>
<p><i>f) En su caso, identificación y características técnicas de los dispositivos, incluyendo, entre otros, los códigos internacionales de identidad de fabricación del equipo y del suscriptor; </i></p>
<p><i>g) La ubicación digital del posicionamiento geográfico de las líneas telefónicas, y </i></p>
<p><i>h) La obligación de conservación de datos, comenzará a contarse a partir de la fecha en que se haya producido la comunicación.</i></p></blockquote>
<p>Desde EFF seguimos y apoyamos la lucha de los activistas de México en contra de la retención de datos. A dos años de la reformas de la Ley Telecom, el estado mexicano no se ha puesto a la altura de sus compromisos internacionales en materia de derechos humanos en el entorno digital, al poseer un instrumento legal que abre la puerta de manera desproporcionada a la vigilancia de las comunicaciones de una población entera e incluso e incluso autoriza el acceso a los datos retenidos sin autorización judicial.</p>
<p>En junio de 2015, EFF junto con R3D.mx presentaron el informe <a href="https://www.eff.org/es/deeplinks/2015/06/informe-quien-defiende-tus-datos-muestra-mucho-por-hacer-para-defender-la">“¿Quién Defiende Tus Datos?”</a>, basados en el reporte anual de EFF denominado “<a href="https://www.eff.org/who-has-your-back-government-data-requests-2015">Who Has Your Back?</a>”, que evaluó y calificó negativamente las prácticas de privacidad de las compañías proveedoras de Internet que millones de mexicanos utilizan a diario. Todas las empresas, excepto Megacable, abogaron por la privacidad de sus usuarios ante el Congreso de la Unión al cuestionar las disposiciones de vigilancia tales como la retención de datos.</p>
<blockquote><p>“La SCJN posee una oportunidad histórica para establecer un precedente de protección a la privacidad en México y replicar las tendencias internacionales en el tema. Por el contrario, en caso de validar la vigilancia sin controles que facilita la Ley de Telecomunicaciones, la SCJN estaría enviando un mensaje sumamente peligroso de que todo se vale con el pretexto de proteger la seguridad, incluso medidas que, lejos de proteger la seguridad, la comprometerán aún más, sobre todo en el contexto de crisis en materia de derechos humanos por el que atraviesa el país”, señala una nota dirigida a la Suprema Corte mexicana, elaborada por R3D.mx y firmada por EFF y varias organizaciones defensoras de los derechos digitales de todo el mundo, que insta al máximo tribunal a proteger el derecho a la privacidad.</p></blockquote>
<p><a target="_blank" href="https://r3d.mx/2016/04/14/la-scjn-debe-proteger-el-derecho-a-la-privacidad-ante-retencion-de-datos-y-vigilancia-sin-controles-en-leytelecom/">Puedes leer la carta completa aquí.</a></p>
</div></div></div>Thu, 14 Apr 2016 22:36:02 +0000katitza91245 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionThe Sorry Tale of the PECB, Pakistan's Terrible Electronic Crimes Billhttps://www.eff.org/es/deeplinks/2015/11/sorry-tale-pecb-pakistans-terrible-electronic-crime-bill
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>It is a truth universally acknowledged that a government, in the wake of a national security crisis—or hostage to the perceived threat of one—will pursue and in many cases enact legislation that is claimed to protect its citizens from danger, actual or otherwise. These security laws often include wide-ranging provisions that do anything but protect their citizens' rights or their safety. We have seen this happen time and time again, from the America's <a href="https://www.eff.org/issues/patriot-act">PATRIOT Act</a> to Canada's <a href="http://www.michaelgeist.ca/2015/03/why-the-anti-terrorism-bill-is-really-an-anti-privacy-bill-bill-c-51s-evisceration-of-government-privacy/">C-51</a>. The latest wave of statements by politicians after the Paris bombing implies we will see more of the same very soon.</p>
<p>Not keen to be left out, Pakistan has now joined the ranks of countries using “cybercrime” and terrorism to rewrite the protections for their nationals' privacy and right to free expression. In January 2015 the Government of Pakistan drafted the <a href="http://www.thenews.com.pk/Todays-News-2-296364-Draft-cyber-law-covers-terrorism-but-misses-cyber-stalking">Prevention of Electronic Crimes Bill</a> (PECB). Ostensibly the PECB was written to address new digital issues, such as cyberstalking, forgery, and online harassment. The reality is the PECB contains such broad legal provisions that that it would criminalize everyday acts of expression while undermining the right to privacy of Pakistani citizens.</p>
<p>PECB was introduced in the same period as the government of Pakistan established its <a href="https://www.washingtonpost.com/news/worldviews/wp/2014/12/24/pakistan-announces-a-national-plan-to-fight-terrorism-says-terrorists-days-are-numbered/">National Action Plan</a>, a comprehensive state-level project to combat terrorism after armed men linked to the Taliba, attacked an Army-run school in the city of Peshawar, killing 145 people, 132 of which were children. The PECB became part of the NAP: a political product intended to make control of political expression an official role of the government.</p>
<p>Much like its international counterparts, the PECB skews in favor of national security—loosely defined—while ignoring civil liberties. <a href="http://www.netfreedom.pk/?p=1113">Section 34</a> of the PECB, for example, gives the Pakistan Telecommunication Authority (PTA) powers to block objectionable content and websites, with very vague, unclear ideas as to what constitutes ‘objectionable'. If the PTA determine that it is “necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, friendly relations with foreign states, public order, decency or morality,” then the authorities can censor it.</p>
<p>Do you pass messages via Facebook, Twitter and other social media platforms? Under the PECB, if those messages are “obscene” or “immoral”, you may be committing a criminal offence—again, there is no clear definition of what constitutes either “obscene” or “immoral.” . Even if one does manage to think clean thoughts, sending an email or a message without the recipients permission is a criminal offence, under <a href="http://www.netfreedom.pk/?p=1108">Section 21</a>. A lack of clearly defined clarifications and explanations gives sweeping power to investigating agencies, with the ability to implicate, fine and imprison anyone for sending a single email without prior consent.</p>
<p>These provisions and others in the drafted bill have led to condemnation from <a href="http://bolobhi.org/pecb2015-consolidated-comments-request-for-public-hearing-submitted/">Pakistani rights organizations</a>, international groups including <a href="https://www.hrw.org/news/2015/04/20/pakistan-cybercrime-bill-threatens-rights">Article 19, Human Rights Watch</a> and <a href="https://www.privacyinternational.org/sites/default/files/Prevention-of-Electronic-Crimes-Bill-2015%20Legal%20Analysis_0.pdf">Privacy International</a>, and from Pakistan's <a href="http://tribune.com.pk/story/871245/draconian-law-stakeholders-condemn-cybercrime-bill/">legal and media</a> communities.</p>
<p>My own organization and many others have been pushing Pakistan's government to retract the drafted PECB, and to include amendments that incorporate civil liberties concerns. The political atmosphere has made them generally reluctant to open up the drafting process to civil society. Organizations, activists and members of Pakistan's nascent tech industry spent most of 2015 calling upon the Pakistan National Assembly's Standing Committee on Information Technology and Telecommunication to withdraw the drafted PECB for further study and amendments.</p>
<p>On September 17th, however, the Standing Committee decided to approve the draft and send it on its way to the National Assembly. Actually, to be more precise: copies of the draft <a href="http://digitalrightsfoundation.pk/pecbdraftsept/">were not given</a> by the drafters to other committee members. When they objected, and stressed that the drafted bill could not be approved without review, they were overruled by the committee chair, who said that as he had seen the draft, that would be sufficient to pass it onto the National Assembly.</p>
<p>Anusha Rehman, the Minister of State for IT &amp; Telecommunications, has <a href="http://tribune.com.pk/story/870919/na-committee-approves-controversial-cyber-crime-bill/">defended the PECB</a>, asserting that “safeguards have been ensured against any expected misuse.” But as it is currently written, the PECB contains little in the way of safeguards. Suggestions by civil society and lawyers have been consistently ignored.</p>
<p>What Pakistan needs is a a cybercrime bill that progressively and effectively balances security and civil liberties. The current PECB text, badly drafted and politically compromised, is so far away from that goal that it needs a complete overhaul.</p>
<p>Pakistan's lawmakers need to know how broken the PECB is. EFF and Digital Rights Foundation have created a tool that lets you send a message to key Senators and Members of the National Assembly via Twitter. <a href="https://act.eff.org/action/stop-pecb-pakistan-s-terrible-cybercrime-bill">Take action now, and stop the PECB from undermining Pakistan's online future.</a></p>
<p>This guest post was written by <em><a href="https://twitter.com/nighatdad">Nighat Dad, </a>the founder and executive director of Pakistan's <a href="http://digitalrightsfoundation.pk/about/">Digital Rights Foundation</a>, and research associate </em><em><span class="st"><em>Adnan</em> Chaudhry.</span> </em></p>
</div></div></div>Tue, 24 Nov 2015 02:09:18 +0000danny89084 at https://www.eff.orgCommentaryFree SpeechInternationalMandatory Data RetentionPrivacyLey Stalker: Organizaciones Internacionales Piden Al Gobierno Peruano Proteger La Privacidad De Sus Ciudadanoshttps://www.eff.org/es/deeplinks/2015/08/ley-stalker-organizaciones-piden-gobierno-peruano-proteger-privacidad
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">En una carta abierta dirigida a la Comisión de Constitución y Reglamento del Congreso del Perú, que será responsable de la revisión del <a href="http://www.hiperderecho.org/wp-content/uploads/2015/07/DL_1182.pdf">Decreto Legislativo 1182</a> firmado por la Presidencia del país latinoamericano, diversas organizaciones internacionales defensoras de los derechos humanos en el mundo digital han expresado su preocupación sobre la flamante normativa.</p>
<p dir="ltr"><img src="/files/2015/08/26/peruvian-stalker-law.jpg" alt="" height="326" width="651" /></p>
<p dir="ltr">El DL 1182, que fue bautizado como <a href="https://www.eff.org/node/87444">“Ley Acosadora” o “Ley Stalker”</a> en idioma inglés, obliga a proveedoras de telefonía y servicios de Internet a retener los metadatos de la población que usa teléfono móvil o fijo e Internet por un periodo de tres años, hechos que constituyen una violación a los derechos fundamentales de millones de ciudadanos del Perú.</p>
<p dir="ltr">A casi un mes de la publicación de la ley, organizaciones y colectivos defensores de los derechos en línea hacen un llamado para que la normativa sea rechazada íntegramente. “Recordamos que el ordenamiento internacional de los Derechos Humanos establece que las medidas de vigilancia deben estar precedidas por un juicio de necesidad y proporcionalidad, en razón de su carácter invasivo a la privacidad de las personas”, reza parte de la nota.</p>
<p dir="ltr">Desde EFF hemos dado seguimiento desde el día que el Decreto Legislativo <a href="https://www.eff.org/es/deeplinks/2015/07/peru-adopta-la-retencion-de-datos-informacion-localizacion-no-protegida">salió a luz</a>, así como lanzamos, junto con la ONG peruana Hiperderecho y Access, <a href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad">una herramienta</a> para que los ciudadanos expresen a los congresistas sus preocupaciones sobre la Ley Stalker.</p>
<p><em>A continuación, la carta firmada por EFF y 25 organizaciones de todo el mundo:</em></p>
<blockquote><h2 dir="ltr">Comunicado de Organizaciones de la Sociedad Civil sobre medidas de vigilancia en Perú</h2>
<p dir="ltr">Los aquí firmantes, individuos y organizaciones internacionales dedicados a la defensa de los derechos humanos en internet queremos expresar nuestra profunda preocupación por el Decreto Legislativo 1182 emitido a finales de Julio por la Presidencia del Perú, que habilita herramientas de vigilancia estatal de manera incompatible con estándares internacionales de Derechos Humanos.</p>
<p dir="ltr">El mencionado ordenamiento establece dos obligaciones para los proveedores de telecomunicaciones en Perú (telefonía fija y móvil, internet, etc.) En primer lugar, les ordena proveer a la Policía Nacional información de geolocalización al instante sobre cualquier usuario en casos de delitos flagrantes, sin mediar orden judicial previa. En segundo lugar, obliga a los proveedores de Internet y telefonía a conservar datos de tráfico de telecomunicaciones por 3 años.</p>
<p dir="ltr">Ambas medidas resultan ilegales por apartarse de los estándares internacionales de Derechos Humanos que están presentes en tratados internacionales a los que Perú ha suscrito. En particular, las medidas de vigilancia sin orden judicial previa (que incluye la información de ubicación de un dispositivo) no refleja el requisito básico del derecho internacional de los derechos humanos de que el uso legítimo de las facultades de vigilancia de los funcionarios debe contar un seguimiento independiente con<a href="https://eff.org/r.o2pz"> estrictas salvaguardas contra el abuso</a>.</p>
<p dir="ltr">Las limitaciones al derecho a la privacidad, como regla, sólo deberían ordenarse después de un examen exhaustivo de<a href="http://bit.ly/1NERT36"> criterios de legalidad, necesidad y proporcionalidad</a> por parte de un juez competente. Además, la obligación impuesta por el Estado a los proveedores de telecomunicaciones de conservar datos de tráfico de todos los habitantes del Perú por 3 años también lesiona el derecho a la privacidad, libertad de expresión y protección de los datos personales al ser medidas desproporcionadas e innecesarias en una sociedad democrática.</p>
<p dir="ltr">Comprendemos que la lucha contra el crimen organizado es una de las prioridades que el Estado debe atender como garante de los derechos constitucionales de los ciudadanos. Pero los medios que arbitre a tal fin deben estar informados también por garantías constitucionales que limiten los abusos de poder en los que el gobierno o sus agentes pudieran caer.</p>
<p dir="ltr">En tal sentido, recordamos que el ordenamiento internacional de los Derechos Humanos establece que las medidas de vigilancia deben estar precedidas por un juicio de necesidad y proporcionalidad, en razón de su carácter invasivo a la privacidad de las personas. Para ser proporcional, la vigilancia debe limitarse a delitos graves y ser utilizada sólo cuando<a href="https://es.necessaryandproportionate.org/text"> otras vías menos lesivas de investigación</a> han sido agotadas o resulten inútiles.</p>
<p dir="ltr">En virtud de lo expuesto, solicitamos que la Comisión de Constitución y Reglamento del Congreso del Perú rechace de plano el Decreto Legislativo 1182 y que los tres poderes del Estado Peruano redoblen sus esfuerzos para el control de la legalidad y la adecuación a estándares internacionales de Derechos Humanos de las medidas de vigilancia que se implementen o hayan implementado en el territorio peruano.</p>
<h3 dir="ltr">Firmantes:</h3>
<p dir="ltr">Access - Global</p>
<p dir="ltr">Electronic Frontier Foundation (EFF) - Global</p>
<p dir="ltr">DATA - Uruguay</p>
<p dir="ltr">TEDIC - Paraguay</p>
<p dir="ltr">Asociación por los Derechos Civiles - ADC - Argentina</p>
<p dir="ltr">Derechos Digitales - América Latina</p>
<p dir="ltr">Fundación Karisma- Colombia</p>
<p dir="ltr">Instituto Beta Para Internet e Democracia (IBIDEM) - Brasil</p>
<p dir="ltr">Sursiendo, Comunicación y Cultura Digital - México</p>
<p dir="ltr">Asociación para el Progreso de las Comunicaciones (APC) - Global</p>
<p dir="ltr">Usuarios Digitales - Ecuador</p>
<p dir="ltr">Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC)</p>
<p dir="ltr">Fundación Redes Para el Desarrollo Sostenible (REDES) - Bolivia</p>
<p dir="ltr">Acceso Libre - Venezuela</p>
<p dir="ltr">ACI-Participa (Honduras)</p>
<p dir="ltr">Colnodo - Colombia</p>
<p dir="ltr">La Quadrature du Net - Europa</p>
<p dir="ltr">Instituto Demos - Guatemala</p>
<p dir="ltr">Associated Whistleblowing Press (AWP) - Global</p>
<p dir="ltr">Asociación Trinidad/ Radio Viva - Paraguay</p>
<p dir="ltr">Cooperativa Tecnológica Primero de Mayo/Enlace Popular - México</p>
<p dir="ltr">Privacy International - Global</p>
<p dir="ltr">Nodo TAU - Argentina</p>
<p dir="ltr">Colectivo Actantes - Brazil</p>
<p dir="ltr">Open Net Korea - South Korea</p>
<p>Australian Privacy Foundation - Australia</p></blockquote>
</div></div></div>Wed, 26 Aug 2015 23:38:54 +0000davidbogado87531 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosStalker Law: International Organizations Call Upon the Peruvian Government To Protect Its Citizens’ Privacyhttps://www.eff.org/es/node/87528
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">In an open letter directed to the congress of Peru’s Commission on Constitution and Rules, a coalition of international human rights organizations have expressed their concern about <a href="http://www.hiperderecho.org/wp-content/uploads/2015/07/DL_1182.pdf">Legislative Decree 1182</a> (“DL 1182,” <a href="https://www.eff.org/deeplinks/2015/08/peruvian-stalker-law-will-be-reviewed-congress-we-can-still-stop-it">“Ley Acosadora,” or “Stalker Law” in English</a>)--a Peruvian bill that allows law enforcement access to mobile phone location data in cases of flagrante delicto without a warrant, and requires telecom companies to retain data for a period of three years thus violating the fundamental rights of millions of Peruvians. The Commission on Constitution and Rules will be responsible for reviewing the Stalker Law which has already been<a href="http://www.hiperderecho.org/wp-content/uploads/2015/07/DL_1182.pdf"> </a>signed by the President of Peru.</p>
<p dir="ltr"><a title="Click here to help stop the Stalker Law!" href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad"><img src="/files/2015/08/26/peruvian-stalker-law_0.jpg" alt="" height="326" width="651" /></a></p>
<p dir="ltr"></p>
<p dir="ltr"><a title="Take action against the Peruvian stalker law!" href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad"><img src="/files/2015/08/27/action-1b.png" alt="" height="53" width="162" /></a></p>
<p dir="ltr">It’s only been a month since the Stalker Law was introduced, and yet regional organizations and online advocates from all over the globe are calling on Peruvian lawmakers to reject it entirely.</p>
<p dir="ltr">Stated in the coalition letter: "We underscore that international human rights legislation and principles clearly state that surveillance measures should be preceded by considerations of necessity and proportionality, in light of their invasive nature".</p>
<p dir="ltr">EFF has been following this story since the day DL 1182 was <a href="https://www.eff.org/deeplinks/2015/07/peru-adopts-data-retention-decree-declares-location-data-no-longer-protected">introduced to the public</a>. Along with our partners Hiperderecho--a Peruvian NGO--and Access, we’ve created a space for citizens to contact their congressmen directly and express their concerns about the Stalker Law on our<a href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad"> Action Center</a>.</p>
<p dir="ltr"><em>Below is the letter signed by EFF and 25 organizations worldwide:</em></p>
<p dir="ltr"></p>
<blockquote><h2 dir="ltr">Statement by civil society organizations on the new state surveillance measures in Perú</h2>
<p dir="ltr">The undersigned individuals and organizations working for the defense of human rights on the internet write to urge the rejection of Legislative Decree 1182, enacted by the President of Perú at the end of July. This decree establishes new government surveillance tools in a way that contradicts international human rights standards.</p>
<p dir="ltr">The decree creates two obligations for Peruvian telecommunications providers. First, providers are ordered to provide the Peruvian national police with real-time location information about suspects of flagrant crimes, without a warrant. Second, the decree requires providers, including those that offer internet access services, to store communications metadata for three years.</p>
<p dir="ltr">Both ordered measures are illegal because they are incompatible with the human rights standards in the international treaties ratified by Perú. In particular, surveillance, including access to location information, that is pursued without a previous warrant fails to comply with the principle establishing that legitimate use of surveillance by law enforcement should be subject to independent review,<a href="https://eff.org/r.o2pz"> with strict guarantees against abuse</a>.</p>
<p dir="ltr">A court order for communications surveillance should only issue if a judicial authority determines that the substance of an application for communications surveillance meets the legal, substantive, and procedural requirements,<a href="http://bit.ly/1NERT36"> including the burden of proof</a>.</p>
<p dir="ltr">Government-mandated telecommunications data retention of all Peruvians for three years is an unnecessary and disproportionate measure for a democratic society. For this reason, such a policy harms privacy, freedom of expression, and data protection.</p>
<p dir="ltr">We understand that the fight against organized crime is a legitimate concern for governments trying to provide public security to its citizens. Nevertheless, the means and policies chosen by decision-makers should comply with basic human and civil rights standards including limits against potential abuse. We underscore that international human rights legislation and principles clearly state that surveillance measures should be preceded by considerations of necessity and proportionality, in light of their invasive nature. In order to be deemed proportional, surveillance should be limited to serious offenses and be used only when other less detrimental measures<a href="https://en.necessaryandproportionate.org/text"> have been exhausted or resulted useless</a>.</p>
<p dir="ltr">Consequently, we request the Commission of Constitution and Bylaws of the Peruvian Congress to reject Legislative Decree 1182 entirely, and we ask the three branches of government in Perú to redouble their efforts to apply human rights standards to any actual or future surveillance measures taking place in its territory.</p>
<h3 dir="ltr">Signatories:</h3>
<p dir="ltr">Access - Global</p>
<p dir="ltr">Electronic Frontier Foundation (EFF) - Global</p>
<p dir="ltr">DATA - Uruguay</p>
<p dir="ltr">TEDIC - Paraguay</p>
<p dir="ltr">Asociación por los Derechos Civiles - ADC - Argentina</p>
<p dir="ltr">Derechos Digitales - América Latina</p>
<p dir="ltr">Fundación Karisma- Colombia</p>
<p dir="ltr">Instituto Beta Para Internet e Democracia (IBIDEM) - Brasil</p>
<p dir="ltr">Sursiendo, Comunicación y Cultura Digital - México</p>
<p dir="ltr">Asociación para el Progreso de las Comunicaciones (APC) - Global</p>
<p dir="ltr">Usuarios Digitales - Ecuador</p>
<p dir="ltr">Instituto Panameño de Derecho y Nuevas Tecnologías (IPANDETEC)</p>
<p dir="ltr">Fundación Redes Para el Desarrollo Sostenible (REDES) - Bolivia</p>
<p dir="ltr">Acceso Libre - Venezuela</p>
<p dir="ltr">ACI-Participa (Honduras)</p>
<p dir="ltr">Colnodo - Colombia</p>
<p dir="ltr">La Quadrature du Net - Europa</p>
<p dir="ltr">Instituto Demos - Guatemala</p>
<p dir="ltr">Associated Whistleblowing Press (AWP) - Global</p>
<p dir="ltr">Asociación Trinidad/ Radio Viva - Paraguay</p>
<p dir="ltr">Cooperativa Tecnológica Primero de Mayo/Enlace Popular - México</p>
<p dir="ltr">Privacy International - Global</p>
<p dir="ltr">Nodo TAU - Argentina</p>
<p dir="ltr">Colectivo Actantes - Brazil</p>
<p dir="ltr">Open Net Korea - South Korea</p>
<p dir="ltr">Australian Privacy Foundation - Australia</p>
</blockquote>
</div></div></div>Wed, 26 Aug 2015 23:34:46 +0000davidbogado87528 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosThe Peruvian “Stalker Law” Will Be Reviewed By Congress, We Can Still Stop Ithttps://www.eff.org/es/node/87461
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">On July 27, Peru’s executive branch <a href="https://www.eff.org/deeplinks/2015/08/stalker-law-or-how-did-government-legalized-mass-surveillance-innocent-peruvians">adopted a legislative decree </a>(<a target="_blank" href="http://www.hiperderecho.org/wp-content/uploads/2015/07/DL_1182.pdf">DL 1182</a>) that allows warrantless access to Peruvians' location data, in cases of <a target="_blank" href="https://en.wikipedia.org/wiki/In_flagrante_delicto"><em>flagrante delicto</em></a>. The decree has been dubbed "Ley Acosadora," or in English, "the Stalker Law," because of the way it creates a new power for the government to track the movements of vulnerable mobile and Internet users. The law requires telephone operators and Internet service providers to retain, for three years, data of millions of Peruvians who communicate via fixed, mobile, and/or computers. The retained data is accessible by law enforcement agencies with a court order at anytime in the future. This decree was adopted without public consultation, one day before Peru’s independence day, and may take effect by September according to statements made by the <a href="http://publimetro.pe/actualidad/noticia-llamada-ley-stalker-se-aplicaria-partir-setiembre-37460">Peruvian deputy minister of justice</a>.</p>
<p class="image-right" dir="ltr"><a target="_blank" href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad"><img src="/files/2015/08/18/keyhole-eye-2-cc-min.jpg" alt="" height="232" width="464" /></a></p>
<p dir="ltr">However, the Peruvian Congressional Committee on Constitution and Regulations is set to<a href="http://www.americatv.com.pe/noticias/actualidad/ley-stalker-iberico-aseguro-que-norma-revisada-comision-consitucion-n191817"> review the decree</a> adopted by the Executive branch in the coming weeks. During the review, the committee will decide to repeal, reform or agree to the decree. Regardless of the decision, the committee opinion will pass through Congress in plenary sitting; if there are any changes, they will be voted on and adopted or rejected.</p>
<p dir="ltr">The data retention requirements of this decree alone would drastically change how state surveillance of communications are conducted in Peru. Instead of retaining data from suspected individuals, the law will reverse the presumption of innocence and oblige operators to retain communications data of an entire population, including those who are not suspected of any crime.</p>
<p dir="ltr">Together with our partners, <a href="http://www.hiperderecho.org/">Hiperderecho.org</a>, we’ve launched an online campaign to tell members of the Congressional Committee in Peru to protect our privacy and security in the digital age. Government-mandated data retention impacts millions of ordinary users. It compromises online anonymity, which is crucial for whistle-blowers, investigators, journalists, and those engaging in political speech. National data retention laws are invasive, costly, and damaging to the right to privacy and free expression. (To learn more about the danger of the bill read <a target="_blank" href="https://www.eff.org/es/node/87178">here,</a> <a target="_blank" href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">here</a> and <a target="_blank" href="http://www.hiperderecho.org/wp-content/uploads/2015/08/resumen_dl1182.pdf">here</a>)</p>
<p dir="ltr"><strong>Take Action: The Stalker Law Affects Our Privacy and Creates Insecurity</strong></p>
<p dir="ltr">If you are Peruvian, you need to make your voice heard. Using <a target="_blank" href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad">EFF's action center</a>, you can communicate via Twitter with the members of the Constitutional Commission in Peru to suggest the prompt review of DL 1182. Choose a congressman, select a tweet, and post it through your Twitter account using our <a target="_blank" href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad">Action Center</a>. Tell your friends and family, too!</p>
<p dir="ltr">Lawmakers read your tweets, and if more Peruvians express concern about the Stalker Law, we can make a positive change to protect privacy and start a public discussion on how to effectively solve the problems of public safety. Insecurity, one of the arguments used to adopt the bill, will not be efficiently fought by violating the fundamental human rights of millions of innocent Peruvians.</p>
<p dir="ltr"><strong>Stalker Law Post on your website or on social networks</strong></p>
<p dir="ltr">We invite you to write about the dangers of this decree. On Twitter using the hashtag #LeyStalker, on other social media, or on your blog. Spread the news by sending links to articles, such as those written by <a href="http://www.hiperderecho.org//?s=Ley+stalker&amp;x=0&amp;y=0">Hiperderecho</a>. We need every Peruvian to know what's going on.</p>
<p dir="ltr"><strong>Follow Hiperderecho and EFF for updates</strong></p>
<p dir="ltr">As DL 1182 passes through the Constitutional Committee, take action and inform our allies about the problems with this dangerous legislation. To stay up-to-date on the status of the decree, follow Hiperderecho.org on Twitter, or Facebook. We will also be covering the latest developments on #LeyStalker here at EFF.</p>
</div></div></div>Wed, 19 Aug 2015 01:21:56 +0000katitza87461 at https://www.eff.orgCall To ActionInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosLey Stalker del Perú Será Revisada Por El Congreso, Y Aún Podemos Frenarlahttps://www.eff.org/es/deeplinks/2015/08/ley-stalker-del-peru-sera-revisada-por-el-congreso-y-aun-podemos-frenarla
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>El pasado 27 de Julio, el <a target="_blank" href="https://www.eff.org/es/deeplinks/2015/08/stalker-law-como-gobierno-peru-legalizo-vigilancia-ciudadanos">Poder Ejecutivo del Perú aprobó el Decreto Legislativo 1182</a> que permite al Estado acceder, en casos de flagrancia, a los datos de tu ubicación sin una orden judicial. Además obliga a las empresas operadoras de telefonía e Internet a retener los datos de millones de peruanos que se comunican a través de teléfonos fijos, móviles y/o computadoras por tres años. Los datos estarían disponibles por el Estado previa orden judicial para un posible uso futuro. La norma fue aprobada sin consulta pública y entraría en vigencia a partir de septiembre según declaraciones del<a href="http://publimetro.pe/actualidad/noticia-llamada-ley-stalker-se-aplicaria-partir-setiembre-37460"> viceministro de Justicia</a>.</p>
<p><a href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad"><img src="/files/styles/large/public/2015/08/17/keyhole-eye-2-b.jpg?itok=ZnVR421B" alt="" class="align-right" height="240" width="480" /></a></p>
<p>Sin embargo, en las próximas semanas, la Comisión de Constitución y Reglamento del Congreso del Perú <a href="http://www.americatv.com.pe/noticias/actualidad/ley-stalker-iberico-aseguro-que-norma-revisada-comision-consitucion-n191817">revisará el documento</a> enviado por el Ejecutivo. En esta etapa, el Congreso puede elegir derogar, reformar o dar su conformidad a la norma. Cualquiera sea la conclusión, este dictamen pasará al pleno del Congreso y de existir algún cambio, estos serán votados y convertidos en un cambio legal directo.</p>
<p>La Comisión debería tener en cuenta la preocupación del pueblo peruano por la seguridad ciudadana y adoptar medidas que busquen solucionar eficazmente este problema social, en vez de adoptar normas que pretenden dar una ilusión de seguridad pero terminan realmente afectando severamente nuestra privacidad.</p>
<p>Para hacerlo sencillo: las disposiciones de conservación de datos de tus comunicaciones, realizan un cambio mayor en el sistema legal de vigilancia de las comunicaciones. En vez de retener los datos de aquellos sospechosos de delito alguno, la norma invierte la presunción de inocencia y obliga a las empresas operadoras a retener masivamente los datos de la población entera, inclusive de aquellos que no son sospechosos de delito alguno.</p>
<p>La “Ley Acosadora” o “Ley Stalker” en idioma inglés, describe a una persona que utiliza la tecnología para espiar los movimientos en línea de otro. Junto con la ONG Hiperderecho, proponemos una acción para que llames la atención de los miembros de la Comisión de Constitución y Reglamento del Congreso peruano para que actúen y reformen la norma:</p>
<h3><a href="https://act.eff.org/action/la-ley-stalker-afecta-nuestra-privacidad-y-crea-inseguridad">Action Center: La Ley Stalker afecta nuestra privacidad y crea inseguridad</a></h3>
<p>A través de esta herramienta, puedes comunicarte vía Twitter con los miembros de la Comisión de Constitución para sugerirles la pronta revisión del DL 1182. Elige al congresista, selecciona un tuit y publícalo en tu cuenta a través del Action Center. Comparte la herramienta con tus amigos, tu familia, o con quien quieras.</p>
<p>Los congresistas podrán leer tus tuits, y si más ciudadanos expresan su preocupación sobre la Ley Stalker, podremos lograr un cambio positivo que proteja la privacidad mientras facilitamos una discusión pública que busquen resolver efectivamente los problemas de seguridad ciudadana.</p>
<p>Si eres peruano, únete a la campaña para que la Ley Stalker no pase por encima de nadie, porque la inseguridad, uno de los argumentos utilizados para crearla, no se combate eficientemente violando derechos fundamentales de millones de personas inocentes.</p>
<h3>Publica sobre la Ley Stalker en tu sitio web o en las redes sociales</h3>
<p>Te invitamos a escribir sobre los peligros de esta ley. En Twitter con el hashtag #LeyStalker, en Facebook, un post en tu blog, todas las opciones son válidas. Puedes compartir varios enlaces como el artículo de Hiperderecho en el cual <a href="http://www.hiperderecho.org/2015/08/plagio-leystalker-1182-geolocalizacion/">se ve el plagio de textos</a> que fueron utilizados para crear el DL 1182, o <a href="https://www.eff.org/es/deeplinks/2015/08/stalker-law-como-gobierno-peru-legalizo-vigilancia-ciudadanos">nuestro post que describe la problemática</a> de la Ley Acosadora.</p>
<h3>Sigue a Hiperderecho y EFF para más actualizaciones</h3>
<p dir="ltr">Conforme el DL 1182 pase a través de la Comisión de Constitución, nuestros aliados del Perú informarán lo que suceda con esta peligrosa normativa. A través del<a href="http://hiperderecho.org/"> sitio oficial</a> de Hiperderecho.org, <a href="http://www.twitter.com/hiperderecho">Twitter</a> o <a href="https://www.facebook.com/Hiperderecho">Facebook</a>. Desde EFF también iremos actualizando con las últimas novedades sobre la #LeyStalker.</p>
</div></div></div>Tue, 18 Aug 2015 11:00:00 +0000davidbogado87444 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosLey Stalker, o Cómo El Gobierno Legalizó La Vigilancia Masiva a Peruanos Inocenteshttps://www.eff.org/es/deeplinks/2015/08/stalker-law-como-gobierno-peru-legalizo-vigilancia-ciudadanos
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Los ciudadanos y ciudadanas del Perú entienden los peligros de la vigilancia omnipresente. El ex jefe de espionaje Vladimiro Montesinos, está cumpliendo una larga condena por corrupción y violaciones a los derechos humanos, ya que en el año 2000, autoridades locales incautaron unas 2.400 cintas hechas por Montesinos, con las que manipulaba a los oponentes políticos y a periodistas que grabó en vídeo, un escándalo conocido como los “<a href="https://es.wikipedia.org/wiki/Vladivideo">Vladivideos</a>”. Es por ello que muchos en aquel país entienden los peligros de un Estado con vigilancia generalizada.</p>
<p>La semana pasada, el Presidente de Perú Ollanta Humala firmó un <a href="http://www.elperuano.com.pe/NormasElperuano/2015/07/27/1268121-1.html">Decreto Legislativo</a> que permite a la policía <a href="https://www.eff.org/es/deeplinks/2015/07/peru-adopta-la-retencion-de-datos-informacion-localizacion-no-protegida">acceder, en casos de flagrancia, a los datos de localización</a> de cualquier teléfono móvil sin orden judicial previa. En otras palabras, las agencias del orden público peruanas ya no necesitan una autorización judicial que les permita acceder en tiempo real a los datos de localización. El Decreto también obliga a las proveedoras de internet locales y compañías de telefonía a retener los detalles de comunicaciones y ubicación de todos los ciudadanos peruanos por un periodo de tres (3) años. Los datos almacenados pueden ser accesibles a las autoridades policiales con una orden judicial para su uso a futuro.</p>
<p>Para hacerlo sencillo, con el nuevo Decreto, el gobierno del Perú ha cambiado de la vigilancia de los registros de comunicaciones basada en la sospecha individualizada, al registro masivo de comunicaciones para la vigilancia de personas comunes sin sospecha. No es de extrañar que los peruanos y peruanas han apodado al Decreto como la #LeyStalker, proveniente del término “acosador” en idioma inglés, que describe a una persona que utiliza la tecnología para espiar los movimientos en línea de otro, paso por paso.</p>
<p>Miguel Morachimo, Director de la ONG Hiperderecho de Perú, un aliado de EFF que <a href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">ha analizado el contenido de la ley</a>, nos comentó:</p>
<blockquote><p>El Decreto Legislativo es problemático por lo que dice y también por lo que significa. Menciona que los metadatos de las comunicaciones no tienen protección a la privacidad alguna, y que deben ser masivamente retenidos. Ello constituye un gobierno que está tomando pasos dispuestos a debilitar las libertades que hemos recuperado en la última década. No debemos volver al pasado, asegurándonos que el imperio de la ley siga siendo la base de nuestra democracia en la era digital.</p></blockquote>
<p>En efecto, el recuerdo de la corrupción y el espionaje ilegal de Montesinos sigue vigente en el Perú, tal es así que incluso el Ministro del Interior José Luis Pérez Guadalupe, en un intentó de calmar a la población, <a href="http://elcomercio.pe/politica/gobierno/perez-guadalupe-nadie-quiere-volver-epoca-montesinos-noticia-1829554">declaró públicamente</a> que el Decreto de la Ley Stalker se distancia de las prácticas cometidas por el ex jefe de Inteligencia, pero sus palabras no hicieron mucho para que los usuarios de Internet expresen sus preocupaciones en línea sobre el Decreto Legislativo.</p>
<h3><b>Movilización en Línea</b></h3>
<p>Entre los usuarios de Twitter en Perú, #LeyStalker se convirtió de inmediato en tema popular (trending topic). El periodista e influyente blogger <a href="https://twitter.com/ocram">Marco Sifuentes</a> explicó a EFF a través de un correo electrónico:</p>
<blockquote><p>Gracias al movimiento en Twitter, Ley Stalker se convirtió de inmediato en trending topic, y luego pasó a la agenda nacional para llegar a las páginas de los principales periódicos. Perú tiene una tradición de derogar leyes abusivas cuando son peleadas principalmente desde las redes sociales, porque los políticos peruanos y los medios prestan mucha atención al activismo en línea. Esta vez no fue la excepción.</p></blockquote>
<p>La sociedad civil tampoco ha quedado solitaria en criticar a la Ley Stalker. En una entrevista hecha por RPP y levantada por El Comercio, el principal periódico del país, <a href="https://es.wikipedia.org/wiki/Juan_Luis_Cipriani">Juan Luis Cipriani</a>, el conservador Cardenal de Lima, <a href="http://elcomercio.pe/politica/actualidad/cipriani-critica-ley-stalker-no-hay-que-ir-al-facilismo-noticia-1830006">expresó preocupaciones</a> sobre la ley. El religioso dijo “está muy bien que pongas todos los medios para tratar de controlar de dónde vino [una llamada de extorsión o chantaje]”, pero que existe un hecho difícil de olvidar “de que haya una intervención de las comunicaciones”.</p>
<p>Tras estas declaraciones, el ex ministro del Interior del Perú Daniel Urresti criticó al sacerdote Cipriani al expresar que “es un cura y no un ingeniero de telecomunicaciones”, y agregó:</p>
<blockquote><p>“Yo lo recibí (al entonces proyecto) y la suerte es que mi especialidad es son las Telecomunicaciones y por eso es que también lo impulsé. <strong>Aquellos que tienen temor a esta norma, es porque desconocen la parte técnica</strong>”, según Urresti a Radio Exitosa.</p></blockquote>
<h3><b>Lo Digital es Diferente. Los Metadatos Importan</b></h3>
<p>Tal vez el ex Ministro Urresti, como experto en telecomunicaciones, debería explicar a la opinión pública cuan sensible es la información que las compañías de telecomunicaciones peruanas están obligadas a retener por tres años. Los datos de geolocalización pintan un retrato viviente de cuándo y dónde una persona va, incluso cuando está en su casa o ha pasado la noche en otro lugar y con quién. Dada la omnipresencia de los teléfonos celulares y el hecho que de las personas lo llevan consigo a cualquier parte, esa información puede ser más reveladora que los datos del GPS especialmente si se almacenan por largos periodos de tiempo.</p>
<p>(<a href="https://ssd.eff.org/es/module/el-problema-con-los-teléfonos-móviles">Más aquí acerca de cómo los gobiernos pueden espiar tu teléfono</a>)</p>
<p>Debió haber sido explicado que la Ley Stalker creó por primera vez en la legislación peruana una distinción legal entre metadatos y el contenido de las comunicaciones, y que sólo el contenido es sujeto a protección constitucional. De ahí que la Ley Stalker crea una falsa distinción en el nivel de protección que cada categoría amerita.</p>
<p>Como el resto del mundo se está dando cuenta poco a poco después de Snowden, la creciente abundancia de metadatos, así como las técnicas de agregado y análisis de las mismas, significa que “<a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">solo los metadatos</a>” en sí revelan una cantidad devastadora de datos privados de los ciudadanos. La habilidad del gobierno peruano de recopilar metadatos de la población entera en un extenso periodo de tiempo y organizarlo con modernas técnicas de vigilancia, puede reunir fácilmente la viciosa visión que sólo Montesinos pudo haber soñado.</p>
<p>En un estudio hecho por <a href="http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/">investigadores de Stanford</a>, se descubrió que la información acerca de quién llama a quién puede inferir datos muy sensibles sobre ellos, como el hecho de que han recibido tratamiento médico por alguna condición en participar, que han comprado armas, o hasta que han realizado un aborto, entre otras cosas.</p>
<ul><li>Los datos del movimiento de las personas revelan cuestiones religiosas, médicas, sexuales y políticas sensibles; por el tipo de servicios religiosos, reuniones políticas, y especialidades médicas a los que asistieron.</li>
<li>Los datos acerca de la proximidad o la falta de proximidad de varias personas entre sí puede revelar quiénes fueron a una protesta, el inicio o el final de una relación amorosa, o la infidelidad conyugal de una persona.</li>
</ul><h3><b>La Erosión de las Fuentes Periodísticas</b></h3>
<p>Las consecuencias de una obligación de retener datos son de largo alcance, pero uno de los resultados particularmente preocupante es la eliminación del derecho de periodistas a proteger la confidencialidad de sus fuentes ante pedidos de evidencia por parte de las autoridades.</p>
<p>En <a href="https://www.eff.org/deeplinks/2012/04/european-data-retention-directive-work-polish-authorities-abuse-access-data">Polonia</a>, los medios reportaron sobre dos importantes casos en los que agencias de inteligencia utilizaron los datos de tráfico y de usuarios para <a href="http://panoptykon.org/wiadomosc/billingowanie-naruszenie-praw-dziennikarza-opinia-fundacji-w-precedensowym-procesie">ilegalmente revelar fuentes periodísticas</a>. En <a href="http://www.spiegel.de/international/business/spy-scandal-grows-telekom-accused-of-tracking-journalists-mobile-phone-signals-a-556741.html">Alemania</a>, la compañía Deutsche Telekom utilizó en forma irregular datos de tráfico de telecomunicaciones y datos de ubicación para espiar a unos 60 individuos, entre ellos periodistas, empresarios y líderes sindicales para obtener filtraciones. Y un caso <a href="http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.html">particularmente flagrante en Irlanda</a>, un oficial de policía utilizó los datos almacenados de comunicaciones para espiar las actividades telefónicas de su ex pareja.</p>
<h3><b>La Falsa Sensación de Seguridad</b></h3>
<p>Las leyes nacionales de retención de datos son invasivas, costosas, y dañan el derecho a la privacidad y a la libre expresión. Obligan a las ISPs y las telefonías a crear enormes bases de datos con información de con quién nos comunicamos a través de nuestros teléfonos, la duración de la llamada y la geolocalización del usuario. Los riesgos a la privacidad aumentan cuando estas <a href="http://www.edri.org/edrigram/number8.20/data-retention-lives-risk">bases de datos se vuelven vulnerables</a> al robo y a la revelación accidental. Las proveedoras de servicios de telecomunicaciones deben absorber los costos de almacenar y mantener estas vastas bases de datos, frecuentemente trasladando los costos a los consumidores.</p>
<p>Si bien es cierto que en Perú se cometen graves crímenes que merecen atención real de los encargados de políticas públicas, incluyendo la protección a las víctimas de abusos, debemos asegurarnos que las medidas que el gobierno toma para combatir delitos no crean una falsa sensación de seguridad.</p>
<p>Sobre este punto, el abogado experto en telecomunicaciones Abel Revoredo, se mostró de acuerdo que mientras la ley Stalker podría tener objetivos nobles como la lucha contra la delincuencia, los asesinatos, las extorsiones y secuestros, “lo que se está haciendo aquí... es poner en riesgo derechos ciudadanos porque [con la Ley Stalker] no se pueden solucionar problemas burocráticos en la relación entre dos instituciones del Estado, como son el Poder Judicial y la Policía”, sentenció en una <a href="https://www.youtube.com/watch?v=k745w6GNAfs">entrevista con el videoblogger peruano</a> Luis Carlos Burneo.</p>
<h3><b>Próximos Pasos</b></h3>
<p>Todavía hay tiempo para revocar la ley. En un post, <a href="http://www.hiperderecho.org/2015/07/y-ahora-que-hacemos-con-el-decreto-legislativo-1182/">Miguel Morachimo ha explicado</a> que de acuerdo a las normas del Congreso, el Presidente está obligado a notificar al citado poder del Estado de los Decretos Legislativos, y el Congreso es responsable de someter el caso a consideración de una Comisión competente.</p>
<p>Entonces, “la Comisión designada tendrá que presentar un dictamen en el que evalúe su conformidad con la Constitución y el marco de la delegación de facultades otorgado por el Congreso. De encontrar incongruencias, el Reglamento establece que dicha Comisión puede su recomendar su derogación o modificación para subsanar el exceso o la contravención, sin perjuicio de la responsabilidad política de los miembros del Consejo de Ministros”.</p>
<p>Perú no puede estar a su suerte en esta pelea. Cada país que rechaza la retención de datos, desde el continente europeo hasta Paraguay, fortalece los argumentos para rechazarla a escala global. Cada país que es víctima de la retención de datos, desde Australia a Colombia, presiona a otros Estados a adoptarla para sus propias legislaturas. Es una lucha global, una que requiere solidaridad y unión internacional para luchar contra la retención de datos. Los necesitamos. Únete a esta lucha contra la #LeyStaker.<br /><b>Referencias</b></p>
<p>Miguel Morachimo: <a href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">Nueva norma permite a la Policía saber dónde está cualquier persona sin orden judicial</a>.</p>
<p>Abel Revoredo sobre la Ley Stalker: <a href="https://www.youtube.com/watch?v=k745w6GNAfs">https://www.youtube.com/watch?v=k745w6GNAfs</a></p>
<p>International Principles on the Application of Human Rights to Communications Surveillance, updated July 2014:<a href="https://en.necessaryandproportionate.org/text"> https://en.necessaryandproportionate.org/text</a></p>
<p>EFF, Article 19: Legal Analysis and Background Materials to the International Principles on the Application of Human Rights to Communications Surveillance, May 2014: <a href="https://en.necessaryandproportionate.org/LegalAnalysis">https://en.necessaryandproportionate.org/LegalAnalysis</a></p>
<p>El Derecho a la Privacidad en la Era Digital: <a href="http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx">http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx</a></p>
<p>Report of the High Commissioner for Human Rights on the right the privacy in the digital age: <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf">http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf</a></p>
<p>Annual Report of the Inter-American Commission on Human Rights 2013. Annual Report of the Office of the Special Rapporteur for Freedom of Expression: <a href="http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf">http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf</a></p>
<p>Human Rights Committee, General Comment 27, Freedom of movement (Art. 12), U.N. Doc CCPR/C/21/Rev.1/Add.9 (1999): <a href="http://www1.umn.edu/humanrts/gencomm/hrcom27.htm">http://www1.umn.edu/humanrts/gencomm/hrcom27.htm</a></p>
<p>UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, A/HRC/13/37UN</p>
<p>Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, A/HRC/23/40</p>
</div></div></div>Mon, 03 Aug 2015 17:09:26 +0000davidbogado87180 at https://www.eff.orgPolicy AnalysisInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosStalker Law, or How Did The Government Legalize Mass Surveillance of Innocent Peruvianshttps://www.eff.org/es/node/87178
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr" id="docs-internal-guid-6f3bd45f-f1b4-2941-1964-7d572b6a2281"><span>Peruvians understand the dangers of pervasive surveillance. Peru's ex-spy chief, Vladimiro Montesinos is serving a long jail sentence for corruption and human rights abuses. In 2000, Peruvian authorities</span><a href="http://www.latinamericanstudies.org/peru/montesinos-snared.htm"><span> </span><span>seized about 2,400 videotapes</span></a><span> made by Montesinos, which he used to manipulate political opponents and journalists whom he caught on film, a scandal also known as the “Vladivideos”. That’s why so many in the country recognise the dangers of a pervasive surveillance state.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Last week,</span><span> the Peruvian President </span><span><span></span><span>adopted a</span></span><span><span><span><span> </span><a href="http://www.elperuano.com.pe/NormasElperuano/2015/07/27/1268121-1.html"><span>new Decree</span></a><span> which</span></span></span> </span><a href="https://www.eff.org/deeplinks/2015/07/peru-adopts-data-retention-decree-declares-location-data-no-longer-protected"><span>allows the police to access location data</span></a><span> of any cell phone without a prior court authorization. In other words, law enforcement agencies in Peru no longer need a court order allowing real-time access to localization data. </span><a href="http://www.elperuano.com.pe/NormasElperuano/2015/07/27/1268121-1.html"><span>The Decree</span></a><span> also compels local ISPs and telephone companies to retain communications and location details of the entire Peruvian population for a period of three years. The retained data could be accessible to law enforcement with a court order for possible use in the future.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Put simply, with the new Decree, the Peruvian government has shifted from surveillance of communications records based on individualized suspicion to the mass untargeted collection of communications data of ordinary, non-suspect people. No wonder it’s been dubbed by Peruvians as #Leystalker (“Stalker Law”), which has been described as someone who uses technology to spy on people every online movement, step-by-step.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Miguel Morachimo, Director of the Peruvian NGO Hiperderecho, an EFF ally who </span><a href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/"><span>has been analyzing the law</span></a><span> in Peru, told us:</span></p>
<blockquote><p dir="ltr"><span>“This legislative decree is troubling for what it says and also for what it means. It says that communications metadata is not protected under privacy protections and should be massively storaged. And it represents a government that is taking steps willingly to undermine the freedoms that we just recovered the past decade. We must not return to the past and ensure that the rule of law remains the foundation of our democracy in the digital age”</span></p>
</blockquote>
<p dir="ltr"><span>Indeed, Montesinos’ legacy of corruption and illegal spying is still live in Peru, so much so that even the Interior</span><a href="http://elcomercio.pe/politica/gobierno/perez-guadalupe-nadie-quiere-volver-epoca-montesinos-noticia-1829554"><span> Minister José Luis Pérez Guadalupe</span></a><span> wanted to calm the population, making public statements to distance the Stalker Law from the practices committed by the convicted former chief of Peru’s secret service, but his declarations in the media did nothing to stop Internet users to express their concerns to the Legislative Decree <strong>through</strong> the Internet.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><strong><span>Online Mobilization</span></strong></p>
<p dir="ltr"></p>
<p dir="ltr"><span>#Leystalker immediately became a trending topic in the Peruvian Twitter community. </span><a href="https://twitter.com/ocram"><span>Journalist and influential blogger,</span></a><span> Marco Sifuentes, explained in an email to EFF:</span></p>
<blockquote><p dir="ltr"><span>“Thanks to the movement on Twitter, Ley Stalker became a trending topic, then jumped into the national agenda and ended up on the front pages of major newspapers. Peru has a tradition to repeal abusive laws when they are fought mainly from social networks. Peruvian politicians and the media pay much attention to online activism. This time was no exception.”</span></p>
</blockquote>
<p><span>But civil society is not alone in criticizing Ley Stalker. In an interview to the main peruvian newspaper, El Comercio, the conservative archbishop of Lima </span><a href="https://es.wikipedia.org/wiki/Juan_Luis_Cipriani"><span>Juan Luis Cipriani</span></a><span> </span><a href="http://elcomercio.pe/politica/actualidad/cipriani-critica-ley-stalker-no-hay-que-ir-al-facilismo-noticia-1830006"><span>raised serious concerns against #LeyStalker</span></a><span>. Cipriani added:"It is great that you put all means to try to control where [a phone call of extortion or blackmail] came from”, but there is a problem that is not easy to forget: “that there is interception of communication” referring to Stalker Law.</span></p>
<p dir="ltr"><span>Former Interior Minister </span><a href="http://www.radioexitosa.pe/politica/expl65612-daniel-urresti-sobre-ley-stalker-cipriani-es-cura-no-ingeniero-en-telecomunicaciones"><span>Daniel Urresti,</span></a><span> criticized the archbishop of Lima, in a local radio interview, saying that “Cipriani is a priest, not a telecommunications engineer” referring to Monsieur Cardinal’s opinion on the Stalker Law. He added:</span></p>
<blockquote><p dir="ltr"><span>"I got lucky and that my specialty is Telecommunication and that's why I push for the bill. Those who are afraid of this standard, it is because they lack the technical side", Urresti told Radio Exitosa. </span></p>
</blockquote>
<p dir="ltr"><strong><span>Digital is Different - Metadata Matters</span></strong></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Perhaps Mr. Urresti, as a telecommunication expert, should have explained to the public how sensitive the information that Peruvian telcos are compelled to retain for three years really is. Location data paints a vivid portrait of when and where a person goes, including when a person is at home or spends the night somewhere else and with whom. Given the ubiquity of cellphones and the fact people carry them almost everywhere, the information can be more revealing than GPS information especially if this information is retained for longer periods of time. (</span><a href="https://ssd.eff.org/en/module/problem-mobile-phones"><span>Read more to learn how governments can spy on your mobile phone</span></a><span>).</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>It should have been explained that the Stalker Law creates for the first time in Peruvian law a legal distinction between metadata and communications content and that only content is subject to constitutional protection. Hence, the Stalker Law creates a false distinction on the level of protection that each category merits.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>As</span><span> </span><span>the rest of the world is slowly realizing post-Snowden, the increasing abundance of metadata, and the techniques for aggregating and analyzing it, means that “</span><a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters"><span>mere metadata</span></a><span>” on its own reveals a devastating amount about private citizens. The Peruvian government’s ability to gather extraordinarily sensitive metadata such as location data on an entire population, over a long period of time, and organize it using modern surveillance techniques, can easily garner the kind of vicious insight that Montesinos’ could only have dreamed of. </span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>In a study, Stanford researchers </span><a href="http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/"><span>found experimentally</span></a><span> that information about who people call can be used to infer extraordinarily sensitive facts about them, including the fact that they sought and received treatment for particular medical conditions, that they had an abortion, and that they purchased firearms, among other things.</span></p>
<p dir="ltr"></p>
<ul><li dir="ltr">
<p dir="ltr"><span>Information about where people go reveals sensitive religious, medical, sexual, and political information, including the kinds of religious services, political meetings, and medical specialists a person attended or met with. </span></p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr"><span>Information about the proximity or lack of proximity of multiple people to one another can reveal everyone who attended a protest, the beginning or end of a romantic relationship, or a person's marital infidelity.</span></p>
</li>
</ul><p dir="ltr"><span>Erosion of Journalistic Sources</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>The consequences of data retention mandates are far-reaching, but one particularly troubling outcome is the erosion of journalists’ right to refuse to hand over evidence to law enforcement to protect the confidentiality of their sources. In</span><a href="https://www.eff.org/deeplinks/2012/04/european-data-retention-directive-work-polish-authorities-abuse-access-data"><span> </span><span>Poland</span></a><span>, the media reported on two major cases where intelligence agencies used retained traffic and subscriber data to illegally disclose</span><a href="http://panoptykon.org/wiadomosc/billingowanie-naruszenie-praw-dziennikarza-opinia-fundacji-w-precedensowym-procesie"><span> </span><span>journalistic sources</span></a><span>. In Germany, Deutsche Telekom illegally used telecom traffic and location data to</span><a href="http://www.spiegel.de/international/business/spy-scandal-grows-telekom-accused-of-tracking-journalists-mobile-phone-signals-a-556741.html"><span> </span><span>spy on about 60 individuals</span></a><span>—including journalists, managers and union leaders—in order to try to find leaks. And in a particularly</span><a href="http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.html"><span> </span><span>egregious case</span></a><span> from Ireland, a law enforcement officer reportedly used retained communications data to spy on her ex-boyfriend’s phone activities.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><strong><span>False Sense of Security</span></strong></p>
<p dir="ltr"></p>
<p dir="ltr"><span>National data retention laws are invasive, costly, and damage the rights to privacy and free expression. They compel ISPs and telcos to create large databases of information about who communicates with whom via our phones, the duration of the exchange, and the user’s location. Privacy risks increase as these databases become</span><a href="http://www.edri.org/edrigram/number8.20/data-retention-lives-risk"><span> </span><span>vulnerable</span></a><span> to theft and accidental disclosure. Service providers must absorb the expense of storing and maintaining these large databases and often pass these costs onto consumers.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>While there are serious crimes in Peru that deserve real attention by policy-makers including protecting victims of abuse, we must ensure that the measures the government takes to combat those crimes are effective and do not create a false sense of security. </span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>On this point, Abel Revoredo an experienced Peruvian lawyer in Telecommunications, agreed that while the Stalker Law might have noble goals such as fighting crime, killings, extortions and kidnappings, “What is really being done here . . . risks our rights because [Ley Stalker] can not solve the bureaucratic problems in the relationship between two government institutions such as the judiciary and the police," he concluded in an interviewed by the </span><a href="https://www.youtube.com/watch?v=k745w6GNAfs"><span>Peruvian videoblogger Luis Carlos Burneor</span></a><span>.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Next Steps</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>There is still time to repeal the bill. In a blogpost, Miguel </span><a href="http://www.hiperderecho.org/2015/07/y-ahora-que-hacemos-con-el-decreto-legislativo-1182/"><span>Morachimo explained</span></a><span> that according to the rules of Congress, the President is obliged to notify Congress of the legislative decrees and Congress is responsible to refer the case to the competent Congressional Commission. Then, “the Congressional Commission will have to submit an opinion to assess their conformity with the Constitution and the delegation of authority granted by Congress. If inconsistencies are found, the rules provides that the Commission may recommend to repeal or modify the Decree to correct the excess or the violation, notwithstanding the political accountability of members of the Cabinet,” </span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Peru cannot be alone in this fight. Every nation – from Europe to Paraguay – that rejects data retention, strengthens the arguments in favor of rejecting it globally. Every country that falls prey to data retention law, from Australia to Colombia, encourages other states to press for it in their own legislatures. It's a global fight, and one that will require solidarity and a global alliance against data retention to combat it. We need you. Join this fight against #leystalker.</span></p>
<p><strong>References</strong></p>
<p dir="ltr">Miguel Morachimo: <a href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">Nueva norma permite a la Policía saber dónde está cualquier persona sin orden judicial (in Spanish)</a></p>
<p dir="ltr">Abel Revoredo on the Stalker Law: <a href="https://www.youtube.com/watch?v=k745w6GNAfs">https://www.youtube.com/watch?v=k745w6GNAfs</a></p>
<p dir="ltr">International Principles on the Application of Human Rights to Communications Surveillance, updated July 2014:<a href="https://en.necessaryandproportionate.org/text"> https://en.necessaryandproportionate.org/text</a></p>
<p dir="ltr">EFF, Article 19: Legal Analysis and Background Materials to the International Principles on the Application of Human Rights to Communications Surveillance, May 2014: <a href="https://en.necessaryandproportionate.org/LegalAnalysis">https://en.necessaryandproportionate.org/LegalAnalysis</a></p>
<p dir="ltr">The Right to Privacy in the Digital Age: <a href="http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx">http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx</a></p>
<p dir="ltr">Report of the High Commissioner for Human Rights on the right the privacy in the digital age: <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf">http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf</a></p>
<p dir="ltr">Annual Report of the Inter-American Commission on Human Rights 2013. Annual Report of the Office of the Special Rapporteur for Freedom of Expression: <a href="http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf">http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf</a></p>
<p dir="ltr">Human Rights Committee, General Comment 27, Freedom of movement (Art. 12), U.N. Doc CCPR/C/21/Rev.1/Add.9 (1999): <a href="http://www1.umn.edu/humanrts/gencomm/hrcom27.htm">http://www1.umn.edu/humanrts/gencomm/hrcom27.htm</a></p>
<p dir="ltr">UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, A/HRC/13/37UN</p>
<p dir="ltr">Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, A/HRC/23/40</p>
</div></div></div>Mon, 03 Aug 2015 04:11:39 +0000katitza87178 at https://www.eff.orgPolicy AnalysisInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosPeru Adopts Data Retention Decree: Declares Location Data No Longer Protectedhttps://www.eff.org/es/node/87053
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">The Peruvian President today<a href="http://www.elperuano.com.pe/NormasElperuano/2015/07/27/1268121-1.html"> adopted</a> a legislative decree that will grant the police warrantless access to real time user location data on a 24/7 basis. But that’s not the worst part of the decree: it compels telecom providers to retain, for one year, data on who communicates with whom, for how long, and from where. It also allows the authorities access to the data in real time and online after seven days of the delivery of the court order. Moreover, it compels telecom providers to continue to retain the data for 24 more months in electronic storage. Adding insult to injury, the decree expressly states that location data is excluded from the privacy of communication guaranteed by the Peruvian Constitution.</p>
<p dir="ltr">The decree was adopted with no public consultation by the Executive Branch on the basis of a mandate from the Peruvian Congress to legislate on general public safety and the fight against crime. Moreover, the decree was adopted one day before the celebrations of Peru's independence, a set of holidays that coincides with vacation for most local schools and businesses.</p>
<p dir="ltr">In <a target="_blank" href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">response to the adoption of the decree</a>, Peruvian digital rights expert and Director of the Peruvian NGO Hiperderecho <a href="http://www.hiperderecho.org/">Miguel Morachimo</a> told EFF:</p>
<blockquote><p dir="ltr">”This law makes one clear mistake: assuming that geolocalization data from cellphones is not protected by the privacy safeguards under Peruvian Constitution. Following that line of reasoning, the government lifts any kind of protection for this data and gives unfettered access to it to the police and mandates ISPs to retain communications data for up to three years. Any policy like that is controversial in itself, but the fact that it was directly approved by the Executive Branch without prior debate and in the middle of national holiday season is especially undemocratic”.</p>
</blockquote>
<p dir="ltr">The decree has significant potential for abuse of its new powers. It <a href="https://ssd.eff.org/es/module/el-problema-con-los-tel%C3%A9fonos-m%C3%B3viles">ignores the fact</a> that most cellular phones today constantly transmit detailed location data about every individual to their carriers, and that all this location data is housed in one place—with the telecommunications service provider. The police will have access to more precise, more comprehensive and more pervasive data than would ever have been possible with the use of the interception of the content of communications. The Peruvian government should have been more sensitive to the fact that mobile companies are now recording detailed footprints of our daily lives.</p>
<p dir="ltr"><strong>International human rights standards</strong></p>
<p>By stating that location data is excluded from guarantees in the Peruvian Constitution of the privacy of communications, the decree contradicts international human rights standards:</p>
<p dir="ltr">On the question of whether communications metadata is protected by the right to privacy, the Inter-American Court of Human Rights decision in <em><a target="_blank" href="http://www.corteidh.or.cr/docs/casos/articulos/seriec_200_esp1.pdf">Escher v. Brasil</a></em> makes clear that both content and metadata are protected: </p>
<blockquote><p dir="ltr">“[The right to privacy] applies to telephone conversations irrespective of their content and can even include both the technical operations designed to record this content by taping it and listening to it, or any other element of the communication process; for example, the destination or origin of the calls that are made, the identity of the speakers, the frequency, time and duration of the calls, aspects that can be verified without the need to record the content of the call by taping the conversation. In brief, the protection of privacy is manifested in the right that individuals other than those conversing may not illegally obtain information on the content of the telephone conversations or other aspects inherent in the communication process, such as those mentioned.”</p>
</blockquote>
<p dir="ltr">Moreover, the 2014 UN High Commissioner on Human Rights report (<a target="_blank" href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf">A/HRC/27/37</a> - PDF) on the right to privacy in the digital age emphasized:</p>
<blockquote><p dir="ltr">“19. [...] it has been suggested that the interception or collection of data about a communication, as opposed to the content of the communication, does not on its own constitute an interference with privacy. From the perspective of the right to privacy, this distinction is not persuasive. The aggregation of information commonly referred to as “metadata” may give an insight into an individual’s behaviour, social relationships, private preferences and identity that go beyond even that conveyed by accessing the content of a private communication. [...]</p>
<p dir="ltr">"20. It follows that any capture of communications data is potentially an interference with privacy and, further, that the collection and retention of communications data amounts to an interference with privacy whether or not those data are subsequently consulted or used. Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights, including those to free expression and association. The very existence of a mass surveillance programme thus creates an interference with privacy.”</p>
</blockquote>
<p dir="ltr">Policy makers must understand that the adoption of broad surveillance powers without adequate safeguards undermines the privacy and security of citizens, and is therefore incompatible with their international human rights obligations. For any surveillance measure to be legal under international human rights law, it must be prescribed by law. It must be “necessary” to achieve a legitimate aim and “proportionate” to the desired aim. This requirement is important to ensure that the government does not adopt surveillance measures that threaten the foundations of a democratic society.</p>
<p dir="ltr">The thirteen <a href="https://necessaryandproportionate.org/">Necessary and Proportionate Principles</a> in particular, and international human rights law more generally, are premised on the assumption that interferences with fundamental rights must be dealt with on a case-by-case basis. In this context, data retention mandates for innocent individuals, by their very nature, eradicate any consideration of proportionality and due process in favor of the indiscriminate interference with the right to privacy—and could not be compatible with States’ human rights obligations. Peru must turn back from the dead-end path of data retention mandates, and uphold its international human rights obligations.</p>
<p dir="ltr"><strong>What Location Tracking Looks Like</strong></p>
<p dir="ltr">In the meantime, Peruvian citizens should consider requesting access to their own personal data retained by their mobile company in accordance with Peruvian Data Protection Law. In Germany, the politician and privacy advocate<a href="http://www.malte-spitz.de/"> Malte Spitz</a> used a similar local data protection law—which like laws in many European countries, gives individuals a right to know what kinds of data private companies retain about them—to force his cell phone carrier to reveal what records it had on him. He received <a href="https://www.eff.org/deeplinks/2011/03/what-location-tracking-looks">35,831 different</a> facts about his cell phone use over the course of six months, revealing vast amounts of personal information. To demonstrate just how intrusive this data is, Spitz chose to make it all available to the public. Watch this <a href="http://www.zeit.de/datenschutz/malte-spitz-data-retention">remarkable interactive map</a> of Spitz’s location information if you haven’t done so already.</p>
<p dir="ltr">It is time to educate all of our legislators and the general public that sensitive data warrants strong legal protections, not an all-access pass. We hope Peruvian human rights advocates evaluate all necessary legal options for challenging the legality of the measure. EFF will continue to report on mobile and online surveillance in Peru, and delve into the decree in more depth in the days to come.</p>
<p dir="ltr">More information in Spanish: <a target="_blank" href="http://www.hiperderecho.org/2015/07/norma-policia-geolocalizacion-sin-orden-judicial-1182/">Nueva norma permite a la Policía saber dónde está cualquier persona sin orden judicial</a></p>
</div></div></div>Mon, 27 Jul 2015 21:49:36 +0000katitza87053 at https://www.eff.orgLegislative AnalysisMandatory Data RetentionVigilancia de Estado & Derechos HumanosPrivacyU.N. Special Rapporteur Calls Upon States to Protect Encryption and Anonymity Onlinehttps://www.eff.org/es/node/86163
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">Last Thursday, David Kaye, the U.N's newest free speech watchdog, released a <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Documents/A.HRC.29.32_AEV.doc">groundbreaking report</a> calling upon states to promote strong encryption and anonymity. Kaye assumed the <a href="http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/OpinionIndex.aspx">role of Special Rapporteur</a> for Freedom of Expression in August 2014, and this, his first report, will be presented at the <a href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session29/Pages/29RegularSession.aspx">29th regular session</a> of the United Nations Human Rights Council in Geneva mid-June.</p>
<p dir="ltr">His analysis comes at a key moment. The ability to communicate anonymously and to use encryption is more important than ever and the Rapporteur rightly notes that privacy is a gateway for freedom of opinion and expression, saying:</p>
<blockquote><p dir="ltr">“Encryption and anonymity, today’s leading vehicles for online security, provide individuals with a means to protect their privacy, empowering them to browse, read, develop and share opinions and information without interference and enabling journalists, civil society organizations, members of ethnic or religious groups, those persecuted because of their sexual orientation or gender identity, activists, scholars, artist and others to exercise the rights to freedom of expression and opinion.” </p>
</blockquote>
<p dir="ltr">We strongly agree.</p>
<p dir="ltr">Moreover, these critical tools are increasingly under attack by states around the world, with little understanding of the human rights consequences. We’ve learned from Edward Snowden about<a href="https://www.eff.org/files/2014/01/03/cryptowarsonepagers-1_cac.pdf"> the NSA’s long-standing</a> systematic effort to sabotage the encryption used by individuals and businesses around the world. At the same time, several governments are seeking new powers (or threatening) to force companies to provide government access to encrypted communications in their products or services (<a href="http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-and-snapchat-could-be-banned-under-new-surveillance-plans-9973035.html">United Kingdom</a>, <a href="https://www.eff.org/deeplinks/2014/10/eff-response-fbi-director-comeys-speech-encryption">United States</a>).</p>
<p dir="ltr">Some states forbid anonymity in their constitutions (<a target="_blank" href="https://www.eff.org/deeplinks/2015/02/marco-civil-devil-detail">Brazil</a>, Venezuela); others have attempted to outlaw the use of pseudonyms (Vietnam), block the use of anonymity tools (<a target="_blank" href="https://globalvoicesonline.org/2015/02/25/belarus-bans-tor-and-other-anonymizers/">Belarus</a>), require mandatory registration for blogging (<a target="_blank" href="https://www.eff.org/files/2015/02/10/unanonymity-encryption-eff.pdf">Russia</a>), or compel SIM card and device registration. Yet more have proposed or have implemented compulsory data retention regimes that can strip anonymity from most users (<a target="_blank" href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">Paraguay</a>, <a href="http://www.digitalrightslac.net/es/la-retencion-de-datos-en-colombia-una-de-las-mas-largas-del-mundo/">Colombia</a>, <a target="_blank" href="https://www.eff.org/deeplinks/2014/08/australia-and-mexico-must-overhaul-data-retention-mandates">Mexico</a>, <a target="_blank" href="http://www.cnet.com/au/news/mandatory-data-retention-laws-pass-parliament/">Australia</a>, and some <a target="_blank" href="https://edri.org/hungarian-data-retention-case-org-pi-and-scholars-file-amicus-briefs/">European countries</a>).</p>
<p dir="ltr">While anonymity and encryption have both been misrepresented solely as a tool for criminal behavior, the report helps clarify the broad range of essential functions encryption and anonymity play in a free and democratic society. The report emphasizes the role they play in a lesser noticed “right to hold opinions without interference,” noting that this right is absolute, unlike other rights that may be restricted by law or other power. The Rapporteur notes, rightly, that people hold their opinions digitally, saving their views and their search and browse histories, making the link between the absolutely right to hold opinions and the need to secure the media that hold them. Kaye also notes the other rights implicated by encryption and anonymity: </p>
<blockquote><p dir="ltr">“Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age. Such security may be essential for the exercise of other rights, including economic rights, privacy, due process, freedom of peaceful assembly and association, and the right to life and bodily integrity.”</p>
</blockquote>
<p dir="ltr">Kaye’s report recommends that member states:</p>
<ul><li dir="ltr">
<p dir="ltr">Promote strong encryption and anonymity. National laws should recognize that individuals are free to protect the privacy of their digital communications by using encryption technology and tools that allow anonymity online.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Include provisions (legislation and regulations) enabling access and support to use technologies to secure human rights defenders and journalist communications.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Prohibit restrictions on encryption and anonymity, which facilitate and often enable the rights to freedom of opinion and expression. Blanket prohibitions fail to be necessary and proportionate.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Avoid all measures that weaken the security that individuals may enjoy online, such as backdoors, weak encryption standards and key escrows. On backdoors he echoes the points raised by the security community noting that: “a backdoor, even if intended solely for government access, can be accessed by unauthorized entities, including other States or non-State actors. Given its widespread and indiscriminate impact, back-door access would affect, disproportionately, all online users.”</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Refrain from making the identification of users a condition for access to digital communications and online services and requiring SIM card registration for mobile users.</p>
</li>
</ul><ul><li dir="ltr">
<p dir="ltr">Court-ordered decryption, subject to domestic and international law, may only be permissible when it results from transparent and publicly accessible laws applied solely on a targeted, case-by-case basis to individuals (i.e., not to a mass of people) and subject to judicial warrant and the protection of due process rights of individuals.</p>
</li>
</ul><p dir="ltr">Kaye also rejects data retention mandates, embraces the <a target="_blank" href="https://www.manilaprinciples.org">Manila Principles</a> on intermediary liability and the <a target="_blank" href="https://necessaryandproportionate.org/text">13 Necessary and Proportionate Principles</a> that EFF helped draft. The report also call upon companies to:</p>
<ul><li dir="ltr">
<p dir="ltr">Review their own corporate policies that restrict encryption and anonymity (including through the use of pseudonyms).</p>
</li>
</ul><p dir="ltr">This is a great list. With this powerful first report, Special Rapporteur David Kaye builds upon the legacy of Frank La Rue, the previous rapporteur whose work on the intersection between privacy and freedom of expression provided important context to the Snowden leaks in the international human rights community. We hope countries and companies will adopt Kayes’ recommendations, taking a stand for strong encryption and anonymous speech instead of constantly working to undermine them.</p>
</div></div></div>Fri, 05 Jun 2015 19:15:30 +0000katitza86163 at https://www.eff.orgCommentaryAnonymityInternationalMandatory Data RetentionPrivacyEFF Se Suma a Una Gran Coalición Global Instando a los Legisladores Paraguayos a Rechazar la Vigilancia Masivahttps://www.eff.org/es/deeplinks/2015/06/eff-se-suma-una-gran-coalicion-global-instando-los-legisladores-paraguayos
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="image-right" dir="ltr"><img src="/files/2015/06/03/img_8417.jpg" alt="" height="277" width="363" /></p>
<p dir="ltr">La Electronic Frontier Foundation <a target="_blank" href="https://medium.com/@TEDICpy/m%C3%A1s-de-60-organizaciones-del-mundo-firman-contra-pyrawebs-aaf4a5d7a6b9">se ha sumado</a> a una coalición mundial de más de 67 organizaciones defensoras de los derechos humanos en apoyo a grupos en Paraguay, mediante la cual instan a sus legisladores a rechazar por completo un proyecto de ley de retención obligatoria de datos. El proyecto de ley, <a href="https://www.eff.org/deeplinks/2015/06/you-have-48-hours-stop-paraguays-data-retention-bill">que se votará este jueves 4 de junio</a>, obligaría a los Proveedores de Servicios de Internet (PSI) locales a conservar los detalles de las comunicaciones y ubicación de sus usuarios por un período de 12 meses. De aprobarse, dicha retención violaría las normas internacionales de derechos humanos y el derecho de la privacidad de los paraguayos.</p>
<p dir="ltr">Los usuarios paraguayos de Internet le han puesto al proyecto de ley el mote de "Pyrawebs", en alusión a una versión actualizada de los infames <a href="http://www.abc.com.py/nacionales/pyragues-por-todos-lados-431628.html">pyragües</a>, delatores que vigilaron los movimientos de la población civil, sus reuniones, preferencias políticas, orientación religiosa y más informaciones bajo el mandato del ex dictador Alfredo Stroessner, que gobernó el país entre 1954 y 1989.</p>
<p dir="ltr">El proyecto <a href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de">fue presentado</a> el año pasado bajo el frágil pretexto que esta medida es una necesidad urgente para prevenir la delincuencia. Estos repetidos y débiles argumentos son una técnica probada y testeada, que fomenta una cultura de miedo en medio de una incesante guerra contra el terrorismo para justificar incursiones arbitrarias y desproporcionadas a las libertades civiles. Hemos leído sobre ello en 1984 de George Orwell, lo hemos escuchado de regímenes opresivos, y ahora lo estamos presenciando en países democráticos como Paraguay.</p>
<p dir="ltr"><a href="http://tedic.org/">TEDIC</a> (Tecnología &amp; Comunidad), una ONG paraguaya defensora de los derechos digitales junto a <a href="http://amnesty.org.py/">Amnistía Paraguay</a> han tomado la delantera en la campaña contra el proyecto de ley Pyrawebs.</p>
<h3 dir="ltr">¡Actúa ahora!</h3>
<p dir="ltr">Si eres paraguayo, contacta con los Senadores y exprésale las preocupaciones sobre el proyecto de ley. Puedes utilizar una <a href="https://act.eff.org/action/tienes-48-horas-para-frenar-pyrawebs-en-paraguay">herramienta de EFF</a> o tuitear al Congreso directamente con el hashtag #Pyrawebs para correr la voz sobre este debate.</p>
<p>La carta está íntegra aquí:</p>
<blockquote><p dir="ltr" id="docs-internal-guid-13600bda-bb55-bdbc-a73c-7aa0d155711a"><span>ACCIÓN DE SOLIDARIDAD INTERNACIONAL</span></p>
<p dir="ltr"></p>
<p dir="ltr"><strong><span>Carta Abierta al Senado de Paraguay</span></strong></p>
<p dir="ltr"><span>1 de Junio de 2015</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Honorable Cámara de Senadores de la República del Paraguay</span></p>
<p dir="ltr"><u><span>Presente</span></u><span>.-</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>De nuestra consideración:</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Las organizaciones firmantes manifiestan un llamado de alerta respecto al Proyecto de Ley "Que establece la obligación de conservar datos de tráfico", presentado por los Senadores Fernando Silva Facetti, Roberto Acevedo, Arnaldo Giuzzio y Arnoldo Wiens.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Este Proyecto de Ley, que fue rechazado en forma unánime por la Cámara de Diputados el pasado 12 de marzo, ha vuelto a la cámara de origen en su Tercer Trámite Constitucional para su rechazo definitivo o aprobación.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>De aprobarse, el Proyecto de Ley obligará a los Proveedores de Servicios de Internet (PSI) a almacenar por un periodo de 12 (doce) meses datos tales como el origen y destino de sus comunicaciones, hora y fecha de conexión y desconexión, información de geolocalización e identificación de los dispositivos, lo que permitirá documentar las actividades en línea de millones de usuarios inocentes. Los datos retenidos podrán ser luego accedidos por las autoridades de investigación paraguayas para perseguir cualquier hecho punible.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Según el Proyecto de Ley, este excluye el "contenido" de las comunicaciones, sin embargo, la recolección indiscriminada de datos de tráfico y el cruce de esta información puede revelar mucho más que el contenido de las llamadas que los proponentes del proyecto han dado a entender en declaraciones a medios de comunicación. Estos datos de tráfico proporcionan suficiente contexto para conocer algunos de los detalles más íntimos de las vidas de los paraguayos, como por ejemplo: sus lugares de residencia y tránsito habituales, relaciones sociales, hábitos de consumo, personas con quienes se comunican, preferencias personales, entre otros.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Organizaciones de la sociedad civil, periodistas, abogados, expertos en seguridad informática, y activistas de derechos humanos han reconocido que el Estado tiene obligaciones en materia de investigación y sanción de los infractores de delitos penales, inclusive en el contexto digital. Sin embargo, lo que realmente el Congreso paraguayo busca con esta norma es cambiar las reglas de juego vigentes sobre la autorización para conducir la vigilancia.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Con este proyecto de ley se pasaría de un sistema donde la autorización de la vigilancia de las comunicaciones se basa en la sospecha individualizada, a raíz de la comisión de un ilícito penal, hacia un sistema donde la vigilancia es masiva, no selectiva, sin sospecha alguna de la comisión de un delito; es decir, donde la autorización es a priori, un 'cheque en blanco' que permite la conservación de datos para posible uso futuro de los mismos por parte de las autoridades.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Las medidas de vigilancia de las comunicaciones de personas inocentes de un país entero, tal como se encuentra contemplado en el proyecto de ley son medidas desproporcionadas e innecesarias en una sociedad democrática donde el Estado de Derecho prevalece. En efecto, el proyecto no distingue entre situaciones en las que una vigilancia estaría justificada y aquellas en las que no, permitiendo de este modo una intrusión abusiva e ilegítima del control estatal en la vida privada de las personas.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Se reconoce también que las salvaguardas requeridas por el derecho internacional no han sido incluidas en la ley, en particular por la falta de proporcionalidad de las medidas proyectadas y la ausencia de garantías mínimas para la protección de la privacidad de las personas y de sus datos de carácter absolutamente personal.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>En conclusión, este proyecto ignora las garantías básicas previstas en la Constitución Nacional y los tratados internacionales de Derechos Humanos, por lo que resultaría en una violación de derechos como la libertad de expresión e intimidad, consagrados en la Carta Magna paraguaya.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Por todo lo expuesto, llamamos al Poder Legislativo paraguayo a defender su Constitución Nacional y los tratados internacionales de derechos humanos de aquellos afectados, rechazando plenamente el Proyecto de ley #Pyrawebs.</span></p>
</blockquote>
<h2 dir="ltr"><strong>#pyrawebs</strong></h2>
<h2 dir="ltr"><strong>Firmantes </strong></h2>
<h2 dir="ltr">Organizaciones Latinoamericanas<strong> </strong></h2>
<ol id="docs-internal-guid-13600bda-bbf2-aa2d-d962-626feeb786ce"><li dir="ltr">
<p dir="ltr"><span>ACI-Participa (Honduras)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>ACIJ - Asociación Civil por la Igualdad y la Justicia (Argentina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>ARTIGO 19 (Brasil)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Asociación por los Derechos Civiles - ADC (Argentina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Associção Brasileira de Jornalismo Investigativo (Brasil)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Centro Nacional de Comunicación Social, Cencos (México)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>DATA Uruguay (Uruguay)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Derechos Digitales (América Latina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Espacio Público (Venezuela)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Enjambre Digital (México)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Foro de Periodismo Argentino - FOPEA (Argentina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Fundación Karisma (Colombia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Fundación Vía Libre (Argentina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Fundación para la Libertad de Prensa - FLIP (Colombia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Hiperderecho (Perú)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Intervozes - Coletivo Brasil de Comunicação Social (Brasil)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Instituto Beta Para Internet e Democracia – IBIDEM (Brasil)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Instituto DEMOS (Guatemala)</span></p>
</li>
<li dir="ltr"><span id="docs-internal-guid-13600bda-bf25-359c-eeea-489269725f5f">Instituto Prensa y Sociedad - IPYS (Venezuela)</span></li>
<li dir="ltr">
<p dir="ltr"><span>IPANDETEC - Instituto Panameño de Derecho y Nuevas Tecnologías (Panamá)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>ISOC Capítulo Paraguay (Paraguay)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Movimento Mega (Brasil)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>R3D - Red en Defensa de los Derechos Digitales (México)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>RedPaTodos (Colombia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Son Tus Datos (México)</span></p>
</li>
<li dir="ltr"><span id="docs-internal-guid-13600bda-bc29-f871-6501-8733517f2b94">SocialTIC (México)</span></li>
<li dir="ltr">
<p dir="ltr"><span>Sursiendo (México)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>TEDIC — Tecnología &amp; Comunidad (Paraguay)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Usuarios Digitales de Ecuador (Ecuador)</span></p>
</li>
</ol><h2 dir="ltr">Organizaciones Asiáticas, Africanas, Europeas y Norteamericanas<strong> </strong></h2>
<ol><li dir="ltr">
<p dir="ltr"><span>Afghanistan Journalists Center (Afganistán)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Africa Freedom of Information Centre (Africa)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Arbeitskreis Vorratsdatenspeicherung (Alemania)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Australian Privacy Foundation (Australia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Canadian Journalists for Free Expression - CJFE (Canadá)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Canadian Internet Policy &amp; Public Interest Clinic - CIPPIC (Canadá)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Center for Independent Journalism (Romania)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Digitalcourage (Alemania)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>European Digital Rights - EDRI (Europa)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Freedom Forum (Nepal)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>International Modern Media Institute- IMMI (Islandia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Institute for Studies on Free Flow of Information (Indonesia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Internet Policy Observatory (Pakistán)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>International Federation of Journalists (Asia Pacífico)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>La Quadrature du Net (Francia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Media, Entertainment &amp; Arts Alliance (Australia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Media Foundation for West Africa (Africa del Oeste)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Metamorphosis, Foundation for Internet and Society (Macedonia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Open Rights Group (Reino Unido)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Open Net Korea (Corea del Sur)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Palestinan Center for Development and Media Freedoms-MADA (Palestina)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Panoptykon Foundation (Polonia)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>People Who Net (Estados Unidos)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Privacy and Access Council of Canada (Canadá)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>PEN Canada (Canadá)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Share Foundation - Share Defense (Sudeste de Europa)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Zimbabwe Human Rights NGO Forum (Zimbabue)</span></p>
</li>
</ol><h2 dir="ltr">Organizaciones Internacionales</h2>
<ol><li dir="ltr">
<p dir="ltr"><span>Access (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Association for Progressive Communications - APC (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Association of Caribbean Media Workers (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Code Red (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Electronic Frontier Foundation - EFF (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Globe International Center (Internacional) </span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>IPJustice (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Media Institute of Southern Africa (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>OpenMedia.org (Internacional)</span></p>
</li>
<li dir="ltr">
<p dir="ltr"><span>Privacy International (Internacional)</span></p>
</li>
<li dir="ltr"><span>PEN International (Internacional)</span></li>
</ol></div></div></div>Thu, 04 Jun 2015 00:55:43 +0000katitza86206 at https://www.eff.orgCall To ActionInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosTienes 48 Horas para Detener la Retención de Datos de Tráfico en Paraguayhttps://www.eff.org/es/deeplinks/2015/06/tienes-48-horas-para-detener-la-retencion-de-datos-de-trafico-en-paraguay
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr"><img src="/files/2015/06/02/pyrawebs-share-1b.png" alt="" height="400" width="595" /></p>
<p dir="ltr">Este jueves 4 de Junio, el Senado de Paraguay votará sobre el Proyecto de Ley de Retención de Datos de Tráfico, uno de los peores <a target="_blank" href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">proyectos anti-privacidad</a> del país. Esta iniciativa, denominada popularmente 'Pyrawebs' por la semejanza con el sistema de espionaje basado en los delatores (pyragües en idioma guaraní), implementado por la dictadura militar que dominó Paraguay por 35 años (1954 - 1989), es es una medida desproporcionada que debe ser rechazada rotundamente.</p>
<p dir="ltr">¡Tienes 48 horas para correr la voz! Aquí está cómo puedes participar:</p>
<h3 dir="ltr">Tuitea a la Cámara de Senadores</h3>
<div id="magicdomid15"><span>Si eres paraguayo, contacta a los Senadores, </span><a target="_blank" href="https://act.eff.org/action/tienes-48-horas-para-frenar-pyrawebs-en-paraguay">a través de nuestro Action Center</a>,<span> para expresar tus preocupaciones sobre la ley Pyrawebs. Comparte la lista de Senadores, tuitéalos y c</span><span>órre la voz sobre la ley con el hashtag #Pyrawebs.</span></div>
<p dir="ltr"></p>
<h3 dir="ltr">Escribe posts sobre Pyrawebs y su problemática en tu sitio web o en las redes sociales</h3>
<p dir="ltr">Para unirte a la acción, recomendamos que escribas sobe los peligros de este proyecto de ley. Una entrada en tu blog, una actualización en Facebook, o incluso un tweet (utilizando el hashtag #Pyrawebs), donde puedes enlazar nuestro <a target="_blank" href="https://act.eff.org/action/tienes-48-horas-para-frenar-pyrawebs-en-paraguay">Action Center</a> para ayudar a nuestros colegas en Paraguay para detener la ley #Pyrawebs.</p>
<h3 dir="ltr">Sigue a TEDIC para más actualizaciones</h3>
<p dir="ltr">También puedes seguir a <a target="_blank" href="http://www.tedic.org/">TEDIC</a> — Tecnología &amp; Comunidad en las <a href="https://twitter.com/tedicpy">redes sociales</a> y visitar la campaña en línea a través de <a href="https://pyrawebs.tedic.org">https://pyrawebs.tedic.org</a>. Este proyecto de ley está plagado de defectos que amenazan los derechos de privacidad y libertad de expresión, así como la libertad de comunicación sin represalias de millones de paraguayos. Desde EFF, estaremos actualizando nuestro sitio con lo que suceda con Pyrawebs en esta semana.</p>
</div></div></div>Tue, 02 Jun 2015 22:07:13 +0000davidbogado86191 at https://www.eff.orgInternationalMandatory Data RetentionYou Have 48 Hours to Stop Paraguay’s Data Retention Billhttps://www.eff.org/es/node/86164
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr"><img src="/files/2015/06/02/fpg-pyrawebs-1b.png" alt="" height="258" width="630" /></p>
<p dir="ltr">This Thursday, the Paraguayan Senate will vote on a data retention mandate—one of the worst <a target="_blank" href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">anti-privacy bills</a> we've yet seen in Paraguay. The bill, dubbed<a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention"> Pyrawebs</a>, is a big deal: its data retention mandate is a disproportionate measure that should be roundly rejected. You have 48 hours to mobilize your networks.</p>
<p dir="ltr">Here's how you can participate:</p>
<h3 dir="ltr">Post about Pyrawebs and its numerous issues on your website or over social media</h3>
<p dir="ltr">To join the action, we encourage you to write about the dangers of this bill. A blog post, a Facebook update, or even a tweet (using the hashtag #Pyrawebs) linking <a target="_blank" href="https://act.eff.org/action/tienes-48-horas-para-frenar-pyrawebs-en-paraguay">to our action alert </a>could go a long way in helping our friends in Paraguay to stop #Pyrawebs.</p>
<p dir="ltr">We have a number of blog posts up about the data retention mandate problems, including a general overview post (<a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">EN</a>) (<a href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de">ES</a>); a<a href="https://www.eff.org/es/deeplinks/2014/11/la-retencion-de-datos-de-trafico-en-paraguay-es-espionaje-masivo-e"> thorough FAQ</a> (ES); TEDIC's<a href="https://medium.com/@TEDICpy/los-10-mitos-de-la-ley-pyrawebs-c8c5e22befb9"> 10 Myths About Pyrawebs (ES)</a>, <a href="https://www.accessnow.org/blog/2015/06/01/pyrawebs-menacing-return-of-mass-surveillance-in-paraguay-espanol-english">Access’s excellent post</a>, <a href="https://medium.com/@TEDICpy/8-razones-t%C3%A9cnicas-para-rechazar-la-ley-pyrawebs-f8aad9104ddd">8 Technical reasons for rejecting #Pyrawebs</a>, and discussion of how data retention mandates are<a href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de"> unnecessary and disproportionate measure</a> (<a href="https://necessaryandproportionate.org/text">EN</a>). If you are Paraguayan, we encourage you to read up and educate your networks—through posts or tweets—about the Pyrawebs’ dangers.</p>
<h3 dir="ltr">Tweet at the Paraguayan Senate</h3>
<p dir="ltr">If you are Paraguayan, contact your senator and express your major concerns with Pyrawebs. Tweet at Congress, share the list, and spread the word about Pyrawebs' issues with the hashtag #Pyrawebs.</p>
<h3 dir="ltr">Follow TEDIC's site for more updates</h3>
<p dir="ltr">As this week goes on, we'll post more updates, actions, and analysis around Pyrawebs on our site. You should also visit the online campaign at <a href="https://pyrawebs.tedic.org">https://pyrawebs.tedic.org</a> and <a href="https://medium.com/kurtu-ral/estudio-demuestra-que-vigilancia-masiva-tipo-pyrawebs-no-brinda-resultados-contra-el-crimen-b0abe5000e69?source=tw-lo_f1d280c96939-1426005020283">on this updated article</a>. This bill is riddled with flaws that threaten Paraguayans' right to privacy and free expression, as well as their right to read and communicate without fear of reprisal. Check back here often for more on how to stop it.</p>
</div></div></div>Tue, 02 Jun 2015 08:56:33 +0000katitza86164 at https://www.eff.orgInternationalMandatory Data RetentionParaguay: La Lucha Contra El Proyecto de Retención de Datos Continúa en el Senadohttps://www.eff.org/es/deeplinks/2015/05/paraguay-retencion-datos-senado-pyrawebs
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Tras el rechazo unánime en la Cámara de Diputados al proyecto de ley que pretende que compañías de telefonía e internet almacenen durante 12 meses los metadatos de todos los usuarios, la iniciativa volvió a los Senadores, quienes están de acuerdo con la desproporcional e innecesaria figura legal por lo que aceleran su aprobación.</p>
<p>En Junio del 2014, cuatro senadores Paraguayos presentaron el <a href="http://sil2py.diputados.gov.py/formulario/VerDetalleTramitacion.pmf?q=VerDetalleTramitacion/102821">proyecto </a><a href="http://sil2py.diputados.gov.py/formulario/VerDetalleTramitacion.pmf?q=VerDetalleTramitacion/102821">de conservación de datos de tráfico</a> que contó con el apoyo de la Fiscalía y el Ministerio Público. En Octubre del mismo año, el proyecto fue aprobado con modificaciones en la Cámara Alta; pero la <a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">presión ciudadana y en línea</a> logró el unánime rechazo al proyecto en la Cámara de Diputados el 12 de marzo del 2015.</p>
<p>En el tercer trámite constitucional de este proyecto, las comisiones de Prevención y Lucha contra el Narcotráfico y Delitos Conexos además de Obras Públicas y Comunicaciones del Congreso Paraguayo rechazaron el dictamen de los Diputados, con lo que se ejerce fuerza para que proyecto de ley denominado popularmente como "pyrawebs" en alusión al espionaje de la dictadura militar que gobernó Paraguay por 35 años, se apruebe en su estado actual.</p>
<p>El proyecto de retención de datos supera con amplitud a la necesidad de las autoridades de obtener datos para investigaciones específicas, ya que obligará a las compañías proveedoras a almacenar 12 meses de metadatos (IP de origen y destino, fecha y hora de conexión – desconexión), geolocalización, identificación del usuario y de los dispositivos, y entregar a las autoridades estas informaciones bajo orden de un Juez de Garantías. Estos datos podrán ser utilizados para cualquier hecho punible ya que no los delimita con exactitud.</p>
<p>El contenido de las comunicaciones es excluido en el ámbito de aplicación de este proyecto de ley, sin embargo los metadatos contienen tanto o más información que un par de mensajes enviados entre usuarios. Por ejemplo, <a href="http://webpolicy.org/2014/03/12/metaphone-the-sensitivity-of-telephone-metadata/">investigadores de Stanford </a>encontraron que la información sobre quien llama a quien puede utilizarse para inferir hechos extraordinariamente sensibles acerca de ellos, incluido el hecho de solicitar y obtener tratamiento para condiciones médicas particulares, si realizaron un aborto, y si adquirieron armas de fuego, entre otras cosas.</p>
<p>Ante este escenario, la <a target="_blank" href="http://www.tedic.org/">ONG TEDIC</a> y <a target="_blank" href="http://amnesty.org.py/">Amnistía Internacional Paraguay</a> continúan realizando diversas tareas como reuniones en el Senado, actualizaciones en las redes sociales, y explicando a los ciudadanos sobre el significado del proyecto.</p>
<p>Entrevistados por una <a href="http://www.nanduti.com.py/2015/04/27/ocurrio-ocurre-y-aqui-esta-con-la-conduccion-de-gustavo-velazquez-y-osvaldo-caceres-16/">radio local</a>, integrantes de TEDIC reafirmaron la postura contraria a la retención de datos. Comentaron además que en las visitas a los Senadores se les citó un estudio de la <a href="http://www.newamerica.net/publications/policy/do_nsas_bulk_surveillance_programs_stop_terrorists">New America Foundation</a> sobre la recolección masiva de datos telefónicos e internet por parte de la NSA, que reafirmó que métodos tradicionales de investigación fueron los que identificaron a personas vinculadas al terrorismo en los Estados Unidos, y no la guarda de datos.</p>
<p>Maricarmen Sequera, directora Ejecutiva de TEDIC entrevistada por radio Ñandutí:</p>
<blockquote><p>Es muy importante entender las violaciones constitucionales; y que cuando se crean herramientas jurídicas para perseguir hechos punibles siempre tienen que tenerse en cuenta los estándares internacionales para perseguir delitos a través de pruebas. ¿Es necesario perseguir hechos punibles? Sí, y ese es un punto a favor del proyecto de Retención de Datos, ¿pero es proporcional? No lo es, y ahí los puntos son en contra.</p></blockquote>
<p>Jazmín Acuña, directora de proyectos de TEDIC entrevistada por radio Ñandutí:</p>
<blockquote><p>Uno de los senadores proyectistas dijo que con esto quiere que el Estado sea más poderoso, por eso quiere dar esta herramienta a la Fiscalía para perseguir delitos, pero le respondimos de que en realidad le darán más poder a las operadoras de telefonía que van a almacenar todos estos datos. ¿Qué salvaguarda tendremos de que estos datos sean bien cuidados? No hay nada en el proyecto que lo contemple, y menos la destrucción de los datos después del plazo, pueden tenerlo por 10 años si quieren.</p></blockquote>
<p>Cabe resaltar que por reglamento de la Comisión Nacional de Telecomunicaciones (Conatel), desde el año 2002 las empresas de telefonía están obligadas a guardar por un plazo de 6 meses los registros telefónicos y de SMS de todos los usuarios; así como la Ley 4868 <a href="http://digesto.senado.gov.py/ups/leyes/8092.pdf">de Comercio Elect</a><a href="http://digesto.senado.gov.py/ups/leyes/8092.pdf">r</a><a href="http://digesto.senado.gov.py/ups/leyes/8092.pdf">ónico</a> que reglamenta una guarda de datos de tráfico por el mismo plazo exclusivamente para fines comerciales. Además la norma prohíbe el uso de esos datos para fines secundarios al propósito original de su recolección, como es el acceso para fines penales. La extensión del proyecto de retención de datos de tráfico es, a simple vista, claramente mayor.</p>
<p>EFF contactó con Rosalía Vega, directora Ejecutiva de Amnistía Internacional capítulo Paraguay respecto a la campaña contra el proyecto de ley de retención de datos de tráfico:</p>
<blockquote><p>Amnistía Internacional está preocupada que las salvaguardas requeridas por el derecho internacional de DD.HH, no han sido incluidas en el proyecto de ley, en particular por la falta de proporcionalidad de las medidas proyectadas y la ausencia de garantías mínimas para la protección de la privacidad de las personas y de sus datos de carácter personal.</p>
<p>Amnistía Internacional Paraguay mantendrá el trabajo conjunto a la organización local TEDIC, ya que consideramos que el actual proyecto de ley de retención de datos, generaría una violación grave del derecho a la intimidad y a la libertad de expresión de toda la ciudadanía paraguaya.</p></blockquote>
<p>De aprobarse la Retención de Datos en Paraguay, una simple descarga ilegal de material protegido por derechos de autor o publicar denuncias que afecten al poder puede dar lugar a la apertura de un expediente judicial que escrutine los últimos 12 meses del historial en línea y ubicación de los usuarios de telefonía e internet.</p>
<p>Desde EFF, sostenemos que antes de aprobar cualquier proyecto que pretenda interceptar las comunicaciones, principios internacionales como los de la <a href="https://es.necessaryandproportionate.org/text">Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones</a> deben ser revisados. Los ciudadanos paraguayos merecen por parte de sus autoridades un debate en profundidad sobre los alcances invasivos de esta y otras normativas de similar tono.</p>
<p dir="ltr">Únanse a los activistas paraguayos en su lucha contra la ley Pyrawebs. La ONG TEDIC comparte el sitio <a href="http://pyrawebs.tedic.org/">http://pyrawebs.tedic.org/</a> así como un vídeo explicativo de los peligros de la retención de datos <a href="http://vimeo.com/113554955">aquí</a>.</p>
</div></div></div>Mon, 04 May 2015 13:34:47 +0000davidbogado85722 at https://www.eff.orgMandatory Data RetentionPyrawebs: Paraguayans Rise Up Against Mandatory Data Retentionhttps://www.eff.org/es/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="image-right" dir="ltr"><img src="/files/2015/03/12/equipopyrawebs.jpg" alt="" height="192" width="343" /></p>
<p dir="ltr">UPDATED March 12, 2015: Today, the draft bill on Data Retention <a href="https://twitter.com/hashtag/Pyrawebs?src=hash" data-query-source="hashtag_click" class="twitter-hashtag pretty-link js-nav" dir="ltr"><s>#</s><b>Pyrawebs</b></a> was rejected in the Deputies Chamber, but the fight is not completely over. We will be keeping a close watch on the bill as it returns to the Senate. We were inspired by the activism of <a href="http://www.tedic.org/">TEDIC</a>, a digital rights organization and our allies in Paraguay, for leading an awe-inspiring campaign fighting for privacy rights. TEDIC, Amnesty International in Paraguay, and Internet users mobilized to push Paraguayan lawmakers in the right direction. Bravo TEDIC, bravo team anti-pyrawebs. You can all be proud today that there was no law enacted on Paraguayan's watch that would have compromised the online privacy rights of Paraguayan Internet users in the name of security.</p>
<p dir="ltr">__</p>
<p dir="ltr"><img class="image-right" src="/files/2014/12/10/pyrawebs-1.jpg" alt="" height="242" width="358" />Paraguay understands the dangers of pervasive surveillance. Its ex-dictator, <a href="https://en.wikipedia.org/wiki/Alfredo_Stroessner">Alfredo Stroessner</a>, maintained his grip on power with the help of “<a href="http://www.abc.com.py/nacionales/pyragues-por-todos-lados-431628.html">pyragues</a>”, informers who monitored the civilian population on his behalf. That’s why so many in the country recognise the dangers in its new proposed <a href="http://sil2py.diputados.gov.py/formulario/VerDetalleTramitacion.pmf?q=VerDetalleTramitacion%2F102821">data retention bill</a>. The bill, currently being debated by its politicians, would compel local ISPs to retain communications and location details of every user for a period of 12 months. No wonder it’s been described as creating a new gang of “<a href="http://www.hoy.com.py/nacionales/pyrawebs-parlamentarios-proyectan-ley-para-espiar-a-toda-la-ciudadana">pyrawebs</a>”: online informers that the authorities can ask to pinpoint the movements, connections, and associations of any Paraguayan citizen.</p>
<blockquote><p dir="ltr">"For the amount of data that may be available, I'm sure it will overtake the “<a href="http://en.wikipedia.org/wiki/Archives_of_Terror">Terror Archive</a> of the Stroessner dictatorship,” blogger <a href="https://twitter.com/daviDBogie">David Bogado</a>, says of the new bill. “This is the Archive of Terror 2.0.”</p>
</blockquote>
<p dir="ltr">Modern Paraguay has strong legal protections against the recurrence of a surveillance state. Its <a href="http://www.constitution.org/cons/paraguay.htm">constitution</a>, written after Stroessner, takes special care to assert the inviolability of private communications. It also gives international human rights treaties that the Paraguayan state has ratified the binding force of law. In particular, Paraguay has ratified the Pacto de San José de Costa Rica, which protects civil and political rights, declaring:</p>
<blockquote><p dir="ltr">“Nobody will be the subject of arbitrary or abusive interference in its private life, family, home or correspondence, nor illegal attacks to its honor or reputation.”</p>
</blockquote>
<p dir="ltr">Paraguay does not, however, have a personal data protection law, which makes the unchecked nature of the data retention proposals even more dangerous, as it forces companies to comply with the state’s demand for data, without providing any way for citizens to limit or correct the data collected on them.</p>
<p dir="ltr">Maricarmen Sequera, the executive director of Paraguayan digital rights organization TEDIC spells out what the stakes are for the country.</p>
<blockquote><p dir="ltr">“Thirty-five years of dictatorship in Paraguay scarred our society with silence and fear. The police state is not new to Paraguay; it makes it worse that in this case, the monitoring will be done by private companies. We want a democracy, not a new set of pyrawebs.”</p>
</blockquote>
<p dir="ltr"><strong>The risks of Paraguay’s data retention bill</strong></p>
<p dir="ltr">In contrast to other Paraguayan law initiatives which only allow the government access to stored data when investigating serious offenses, the new proposal would grant the government access to data for any type of offense, however minor, such as peer-to-peer downloads and defamation. The current draft does not specify a level of evidentiary proof or justification that should be be met in order to access the data.</p>
<blockquote><p dir="ltr">“The pyrawebs law is ambiguous because it suggests the prosecution of serious crimes such as terrorism and pedophilia, but actually affects any offense such as slander, bribery, or Internet downloads that might infringe copyright law,” writes the sociologist and free software advocate Luis Alonzo Fulchi, who has been tracking the bill as it passes through Paraguay’s congress.</p>
</blockquote>
<p dir="ltr">The bill’s language is vague enough in its scope to potentially require any physical person or entity that offers access to Internet to collect and store data for the government. That include cyber cafes, coffee shops, libraries, or firms that provide work Internet access. As with data retention proposals elsewhere, indisciminate and universal data collection opens the possibility for breaches of confidentiality between doctors and patients, lawyers and clients, journalists and their sources.</p>
<p dir="ltr">The bill does exclude the mass collection of the content of communications. But, as the rest of the world is slowly realizing, the increasing abundance of metadata, and the techniques for aggregating and analyzing it, means that “<a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">mere metadata</a>” on its own reveals a devastating amount about private citizens. The government’s ability to gather even the simplest forms of metadata, over a long period of time, and organize it using modern surveillance techniques can easily garner the kind of vicious insight that the original Pyragues could only dream of. The Inter American Court for Human Rights made clear in Escher y Otros vs. Brasil<a class="see-footnote" id="footnoteref1_pnnp7e7" title="Inter-American Court of Human Rights. Case of Escher v. Brasil. Preliminary Objections, Merits, Reparations and Costs. Judgement of 6 July 2009. Series C No. 200, para. 114. " href="#footnote1_pnnp7e7">1</a> that content, as well as metadata are protected by the Inter-American's human rights laws:</p>
<blockquote><p dir="ltr">"Article 11 applies to telephone conversations irrespective of their content and can even include both the technical operations designed to record this content by taping it and listening to it, or any other element of the communication process; for example, the destination or origin of the calls that are made, the identity of the speakers, the frequency, time and duration of the calls, aspects that can be verified without the need to record the content of the call by taping the conversation.”</p>
</blockquote>
<p dir="ltr">Paraguay must uphold its current international human rights obligations by introducing a law that will genuinely protect personal data. Moreover, the bill needs to comply with the principles of <a href="https://necessaryandproportionate.org/text">legality, legitimate aim, necessity, proportionality, among others</a>. Allowing the parawebs law to pass would be an insult to Paraguay’s history, ignore decades of experience of what pervasive surveillance can do to a society. Join Paraguay’s activists and fight against the new bill at TEDIC’s new site: <a href="http://pyrawebs.tedic.org/">http://pyrawebs.tedic.org/</a> and share our video explaining the dangers of data retention <a target="_blank" href="http://vimeo.com/113554955">here</a>.</p>
<p dir="ltr"><strong>Resources:</strong></p>
<p dir="ltr"><a target="_blank" href="https://www.eff.org/deeplinks/2014/09/metadata-debate-latin-american-perspective">13 Principles Week of Action: The “Metadata Debate” ~ A Latin American Perspective</a></p>
<p dir="ltr"><em>Originally published on November, 2014, republished on February 15, 2015. UPDATED: March 12, 2015</em></p>
<ul class="footnotes"><li class="footnote" id="footnote1_pnnp7e7"><a class="footnote-label" href="#footnoteref1_pnnp7e7">1.</a> Inter-American Court of Human Rights. Case of Escher v. Brasil. Preliminary Objections, Merits, Reparations and Costs. Judgement of 6 July 2009. Series C No. 200, para. 114. </li>
</ul></div></div></div>Thu, 12 Mar 2015 17:02:12 +0000katitza83423 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosYou Have 48 Hours to Stop the Spies in Paraguayhttps://www.eff.org/es/deeplinks/2015/03/you-have-48-hours-stop-spies-paraguay
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">This Thursday, the <a href="http://www.abc.com.py/nacionales/pyrawebs-sera-primer-punto-1344262.html">Paraguayan Chamber of Deputies</a> will vote on a<a href="https://www.eff.org/pages/six-good-things-about-innovation-act"> </a>data retention mandate—one of the <a href="https://www.eff.org/deeplinks/2015/03/stop-spies-paraguay">worst freedom-killing bills </a>we've seen so far in Paraguay. The bill, dubbed <a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">Pyrawebs</a>, is a big deal: data retention mandates are a disproportionate measure that should be sorely rejected. It is now that time to mobilize your networks.</p>
<p>Here's how you can participate:</p>
<h3>Post about Pyrawebs and its numerous issues on your website or over social media</h3>
<p dir="ltr">To join the action, we encourage you to write about the dangers of this bill. A blog post, a Facebook update, or even a tweet (using the hashtag #Pyrawebs) linking to <a target="_blank" href="http://pyrawebs.tedic.org/">TEDIC’s action alert</a> could go a long way in helping our friends in Paraguay to stop #Pyrawebs.</p>
<p dir="ltr">We have a number of blog posts up about the data retention mandate problems, including a general overview post (<a target="_blank" href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">EN</a>) (<a target="_blank" href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de">ES</a>); a <a href="https://www.eff.org/es/deeplinks/2014/11/la-retencion-de-datos-de-trafico-en-paraguay-es-espionaje-masivo-e">thorough FAQ</a> (ES); TEDIC's <a target="_blank" href="https://medium.com/@TEDICpy/los-10-mitos-de-la-ley-pyrawebs-c8c5e22befb9">10 Myths About Pyrawebs [ES]</a>, and a discussion of how it's <a href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de">an unnecessary and disproportionate measure</a> (ES) [<a target="_blank" href="https://necessaryandproportionate.org/text">EN</a>]. If you are Paraguayan, we encourage you to read up and educate your networks—through posts or tweets—about the Pyrawebs’ dangers.</p>
<h3 dir="ltr">Tweet at the Paraguayan Congress</h3>
<p dir="ltr">If you are Paraguayan, contact your <a href="https://drive.google.com/file/d/0BwpBlMbF1zTaWGlrdTBrY0ZYMDg/view">Paraguayan congressman</a> and express your major concerns with Pyrawebs. Tweet at Congress, share the list, and spread the word about Pyrawebs' issues here #pyrawebs.</p>
<h3 dir="ltr">Follow TEDIC's site for more updates</h3>
<p dir="ltr">As this week goes on, we'll be posting more updates, actions, and analysis around Pyrawebs on our site. You should also visit the online campaign at https://<a href="https://pyrawebs.tedic.org">pyrawebs.tedic.org</a> and <a href="https://medium.com/kurtu-ral/estudio-demuestra-que-vigilancia-masiva-tipo-pyrawebs-no-brinda-resultados-contra-el-crimen-b0abe5000e69?source=tw-lo_f1d280c96939-1426005020283">here</a>. This bill is riddled with a number of flaws that threaten Paraguayans' right to privacy and free expression, their right to read and communicate without fear of reprisal. Be sure to check back here often.</p>
</div></div></div>Tue, 10 Mar 2015 17:31:53 +0000Adi Kamdar84963 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosA New Bill in Paraguay Would Destroy Online Privacyhttps://www.eff.org/es/node/84921
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today, the Paraguayan House of Representatives <a href="http://www.abc.com.py/nacionales/postergan-ley-pyrawebs-1342737.html">postponed for eight days</a> the discussion of a mandatory data retention proposal. The bill, if passed, will require Paraguayan telecom providers to store highly personal information about their customers Internet use, for one year, for possible future access by law enforcement agencies.</p>
<p>The bill <a target="_blank" href="https://www.eff.org/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de">was introduced</a> last year under the flimsy pretext that this measure is urgently needed to prevent crime. These weak, but repeated arguments are a tried and tested technique, fomenting a culture of fear of ceaseless war or terrorism, in order to justify arbitrary and totalitarian incursions on civil liberties. We've read about it in George Orwell's 1984, we've heard about it being practiced by oppressive regimes, and now we're witnessing it first-hand in a democratic country such as Paraguay.</p>
<p>Paraguayans have not taken this threat lying down. TEDIC, a Paraguayan digital rights organization, has launched a grassroots website called<a href="http://www.stopthespies.org/"> </a><a href="http://pyrawebs.tedic.org/">Pyrawebs</a> to expose this threat and to mobilize ordinary Internet users to stop it. Internet users have been calling the bill Pyrawebs, alluding to the digital version of <a href="http://www.abc.com.py/nacionales/pyragues-por-todos-lados-431628.html">pyragues</a>, informers who monitored the civilian population on behalf of ex-dictator, Alfredo Stroessner.</p>
<p> Paraguayan Maricarmen Sequera, <a href="http://www.tedic.org/">TEDIC Executive Director</a>, raised her concerns, telling EFF: </p>
<blockquote><p>“We urge members to vote for the rejection of #Pyrawebs next Thursday. If the bill is left unaddressed in the next session, there will be a fictitious approval. In other words, it will be approved without debate” </p></blockquote>
<p>Jazmin Acuña, <a href="http://www.tedic.org/">TEDIC project director</a>, writing from the Paraguayan parliament told EFF:</p>
<blockquote><p>"For us, today’s parliamentary results show commendable progress. Every day there are more of us who believe in, and fight for a truly free Internet. We appreciate that today several deputies spoke in a form that is consistent with the principles of democracy, freedom and privacy, and have expressed their resounding rejection of #pyrawebs. We hope that the rest of the Parliamentary representatives vote against this bill in the next session”</p></blockquote>
<p>From her Twitter account, congresswoman and human rights lawyer Olga Ferreira <a href="https://twitter.com/OLGAdiputada/status/573511860319817728">tweeted</a>:</p>
<blockquote><p>“What happened with the postponement is a small example of what determined people can achieve by pushing back against #pyrawebs”</p></blockquote>
<p dir="ltr">She <a href="https://twitter.com/OLGAdiputada/status/573513674113093632">further tweeted</a>:</p>
<blockquote><p dir="ltr">“We have one week to campaign against #pyrawebs. Let’s make it worthwhile so [Congress] feels the pressure”.</p>
</blockquote>
<p dir="ltr">TEDIC has developed a simple document explaining “<a href="https://medium.com/@TEDICpy/los-10-mitos-de-la-ley-pyrawebs-c8c5e22befb9">10 Myths about Pyrawebs</a>” that all parliamentarians should read.</p>
<p dir="ltr">We don't have long: there are only 8 days left before the mandatory data retention bill is approved or rejected, and if Paraguayans, TEDIC, and their allies can't convince enough politicians to defeat it before then, it will be another blow for online privacy that takes Paraguayans further down the path towards becoming a repressive surveillance state. Tweet #pyrawebs,<a href="https://twitter.com/search?q=#StopDataRetention"> </a>contact @TEDICpy, and if you are Paraguayan, visit <a href="http://pyrawebs.tedic.org">Pyrawebs.tedic.org</a> today to demand that your representative vote against this draconian bill.</p>
</div></div></div>Thu, 05 Mar 2015 17:16:20 +0000katitza84921 at https://www.eff.orgInternationalMandatory Data RetentionPrivacyMarco Civil da Internet: O Diabo Está No Detalhehttps://www.eff.org/es/node/84878
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Em 24 de abril de 2014, a presidenta do Brasil, Dilma Rousseff, assinou o Marco Civil da Internet, um quadro de regulamentação da Internet baseado em direitos civis, pelo qual ativistas do Brasil há muito tempo vinham lutando. Apelidado de "Constituição da Internet", a lei visa reforçar a proteção das liberdades fundamentais na era digital. Apesar de ter sido desenvolvida através de um processo participativo, a lei não deixou de cair na tradicional negociata do processo legislativo, o que resultou em diversas concessões. Uma das mais prejudiciais, e ferozmente combatida por ativistas de direitos digitais, foi um mandato de retenção de dados que obriga a coleta e armazenamento de logs de conexões de qualquer indivíduo inocente.</p>
<p>O Brasil está agora em meio aos debates sobre a regulamentação do Marco Civil, e sobre o abrangente Anteprojeto de Lei de Proteção de Dados Pessoais, que juntos irão influenciar fortemente a forma como as empresas online e os governos podem tratar dados pessoais no país. O Ministério da Justiça anunciou uma consulta pública online sobre os dois tópicos, nos mesmos moldes da primeira consulta do Marco Civil, em que todas as partes interessadas podem contribuir. Os resultados dessas consultas serão determinantes para a aplicação prática do Marco Civil, como explica Dennys Antonialli, diretor executivo do InternetLab, centro de pesquisa independente que trabalha nas áreas de direito e tecnologia em São Paulo:</p>
<blockquote><p>"Ambas as consultas têm a intenção de recolher contribuições sobre como essas leis devem ser formatadas. Embora o Marco Civil estabeleça uma série de direitos para as pessoas que usam internet no Brasil, muitas das suas disposições ainda dependem de uma regulamentação posterior, como é o caso dos planos "zero-rating" e dos limites para a retenção de dados. Este é o momento de expressar nossas preocupações aos políticos e garantir que elas sejam tratadas corretamente. O mesmo vale para o Anteprojeto de Lei de Proteção de Dados Pessoais, que servirá como uma legislação de base sobre privacidade no país, e complementará o Marco Civil de várias maneiras".</p></blockquote>
<p>(<em>Os boletins semanais do InternetLab sobre as consultas públicas são excelentes fontes de informação para todas as pessoas que queiram se informar e acompanhar os processos.</em>)</p>
<p>Se a lei de proteção de dados for aprovada, o Brasil irá se juntar a mais de 100 países com leis de privacidade que restringem a coleta, utilização e divulgação de dados pessoais. Assim como nos Estados Unidos, no momento o Brasil tem apenas leis setoriais limitadas em algumas áreas. Princípios mais gerais de proteção de dados podem ser eficazes na proteção de dados pessoais, mas aplicar com êxito esses princípios, conciliando-os com outros direitos, incluindo a liberdade de expressão, requer cuidadosa elaboração, especialmente em um ambiente digital em rápida evolução.</p>
<p><strong>Marco Civil na prática: neutralidade da rede</strong></p>
<p>Um relatório emitido pela ARTIGO 19 Brasil, analisa o quão eficaz o Marco Civil tem sido durante os seus primeiros seis meses de execução. Nele, a instituição chama a atenção para o caso "Whatsapp e TIM", relacionado a questão da neutralidade da rede. Em 2014, a companhia de telefonia TIM (subsidiária brasileira da Telecom Italia Mobile), em parceria com o Whatsapp, lançou um plano (conhecido como "zero rating") em que oferece o uso do aplicativo de forma "gratuita", sem desconto na franquia de internet. A proposta de "zero rating", no entanto, gerou discussões sobre uma possível violação da neutralidade da rede, estabelecida no Marco Civil. Marcelo Bechara, conselheiro da Agência Nacional de Telecomunicações (ANATEL), acredita que a proposta é uma questão de livre mercado, enquanto outras pessoas argumentam que a gratuidade gera assimetria no tráfego (já que muitas pessoas irão optar pelo uso do aplicativo em detrimento de outros) e, portanto, limita e inibe o surgimento de novas aplicações e inovações.</p>
<p>Segundo o InternetLab, o eixo mais movimentado e discutido na consulta pública para regulamentação do Marco Civil é o da "Neutralidade da rede". A principal discussão, por sua vez, gira em torno dos planos de "zero rating", e da seguinte questão: "Podem as operadoras de telefonia móvel (a partir de acordos comerciais) realizar esse tipo de discriminação para favorecer um aplicativo entre os demais?". Junte-se à discussão aqui.</p>
<p><strong>Marco Civil na prática: anonimato</strong></p>
<p>No Brasil, a Constituição proíbe o discurso anônimo. A intenção por trás dessa proibição é a de manter a possibilidade de identificar qualquer pessoa que expresse quaisquer opiniões, crenças ou comentários, tanto online quanto offline. O anonimato é fundamental para o exercício das nossas liberdades fundamentais, tornando possível para os indivíduos se expressar livremente e sem medo de retaliação. Ao não permitir que as pessoas realizem um discurso anônimo, a Constituição brasileira impõe obstáculos significativos à capacidade dos indivíduos de denunciar os abusos de poder ou expressar opiniões impopulares. Essa proibição, no entanto, não se estende à proteção da privacidade.</p>
<p>O Marco Civil reforça que a liberdade de expressão é um princípio fundamental para as pessoas que usam a Internet no Brasil. No entanto, essa disposição deve ser interpretada de acordo com as limitações impostas pela Constituição Brasileira, deixando pouco espaço para interpretações que possam permitir o anonimato para fins de livre expressão. O Marco Civil também estabelece que a legislação deve ser aplicável a todos os produtos ou serviços utilizados por indivíduos localizados no Brasil, o que tem encorajado autoridades do Ministério Público e agentes da lei a afirmar que a proibição constitucional do discurso anônimo também deve prevenir o uso de aplicações de Internet que permitam a expressão anônima.</p>
<p>Um exemplo recente disso é a proibição imposta ao "Secret", um aplicativo que se anuncia como um "lugar seguro para dizer o que está em sua mente de forma anônima". Invocando a proibição da Constituição Brasileira, o Ministério Público ingressou com uma ação judicial contra o serviço, que acabara de se tornar extremamente popular no Brasil. Embora mais tarde anulada, uma liminar foi concedida para proibir o "Secret" em lojas de aplicativos online (Google e Apple) no Brasil, e para removê-lo remotamente de dispositivos onde já havia sido instalado.</p>
<p>Esse caso bastante emblemático aponta para os potenciais perigos da aplicação da proibição constitucional visando evitar o uso de tecnologias que melhorem a privacidade, o que também traria repercussões indesejáveis para os direitos de ler e navegar anonimamente. (<a target="_blank" href="https://www.eff.org/files/2015/02/10/unanonymity-encryption-eff.pdf"><em>Verifique o documento com a orientação política da EFF em relação ao anonimato e a criptografia</em></a>).</p>
<p>O Marco Civil continua sendo uma das mais bem trabalhadas, e democraticamente debatidas, expressões dos direitos digitais no mundo a conquistar força de lei. Mas esse não é o fim da história. Como qualquer documento fundacional, de qualquer Constituição à Declaração Universal dos Direitos Humanos, os verdadeiros desafios vêm com a interpretação e a aplicação. Cabe aos indivíduos engajados do Brasil se certificar de que a lei e a futura legislação mantenham o alto padrão definido no momento de sua criação.</p>
</div></div></div>Mon, 02 Mar 2015 18:52:39 +0000katitza84878 at https://www.eff.orgCommentaryFree SpeechInternational Privacy StandardsMandatory Data RetentionVigilancia de Estado & Derechos HumanosMarco Civil Da Internet: The Devil in the Detailhttps://www.eff.org/es/node/84822
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr">On April 24, 2014, Brazil’s President, Dilma Rousseff, signed <a href="http://participacao.mj.gov.br/marcocivil/lei-no-12-965-de-23-abril-de-2014/">Marco Civil Da Internet</a>, a civil-rights based framework for the Internet which Brazilian activists have long fought. Dubbed the “Internet Constitution,” the law seeks to reinforce the protection of fundamental freedoms in the digital age. The law was developed through a participatory process, but not without getting caught in the traditional horse-trading of the legislative process, which resulted in several concessions. One of the most damaging concessions, fiercely opposed by digital rights activists, was a data retention mandate that compels the collection and storage of connections logs of any innocent individual.</p>
<p dir="ltr">Brazil is now in the midst of rolling out the <a href="http://participacao.mj.gov.br/marcocivil/">Marco Civil’s secondary legislation</a>, together with a <a href="http://participacao.mj.gov.br/dadospessoais/">comprehensive data protection law</a> that will heavily influence how online companies and governments can treat personal data in the country. The Ministry of Justice <a href="http://participacao.mj.gov.br/">has announced</a> a public online consultation over these two pieces of legislation in the style of the Marco Civil’s process, where all the stakeholders <a href="http://www.internetlab.org.br/en/internetlab-reports/internetlab-reports-public-consultation-no-02/">can contribute</a> to the development of the bills. These results of these consultations will determine how Marco Civil is enforced in practice, as <a href="http://www.internetlab.org.br/en/team/cv/#dennys-antonialli-2">Dennys Antonialli, executive director of InternetLab</a>, an independent research center working in the fields of law and technology in Sao Paulo, explains:</p>
<blockquote><p dir="ltr">"Both consultations intend to gather inputs about the way these laws should be shaped. Although Marco Civil establishes a number of rights for internet users in Brazil, many of its provisions still depend on further regulation, such as zero rating plans and limits for data retention. This is the time to voice concerns to policymakers and make sure they will be addressed properly. The same goes for the draft of the Data Protection Bill, which will serve as a baseline privacy legislation in the country and complement Marco Civil in various ways.”</p>
</blockquote>
<p dir="ltr"><em>(InternetLab’s <a href="http://www.internetlab.org.br/en/blog-en/">weekly newsletters</a> on the Brazilian consultation are a great resource for anyone attempting to keep up with the process, incidentally.)</em></p>
<p dir="ltr">If the data protection law passes Congress, Brazil will join <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1951416">more than 100 countries</a> with privacy laws that restrict the collection, use, and disclosure of personal data. As of now, as with the United States, Brazil <a href="http://www.cartacapital.com.br/sociedade/brasil-aguarda-lei-de-protecao-de-dados-pessoais-6807.html">has limited</a> sectoral laws in some areas. More general data protection principles can be effective in protecting personal data, but successfully enforcing those principles, while reconciling them with other rights, including free expression, requires careful drafting, especially in a fast-moving digital environment.</p>
<p dir="ltr"><strong>Marco Civil in Practice: Net Neutrality</strong></p>
<p dir="ltr">Another <a href="http://artigo19.org/wp-content/uploads/2015/01/an%C3%A1lise-marco-civil-final.pdf">report issued by ARTICLE 19 Brazil</a> analyzes how effective Marco Civil has been during its first six months of implementation. In its report, ARTICLE 19 draws attention to the "Whatsapp and TIM" network neutrality case. In 2014, the telecom company TIM (the Brazilian subsidiary of Telecom Italia Mobile), in partnership with Whatsapp, released a zero rating plan that allowed subscribers to use the app for "free,” meaning it would not drain subscribers’ data allowances. The zero rating proposal generated discussions about a possible violation of the net neutrality provision of Marco Civil. Marcelo Bechara, the counselor of the National Telecommunications Agency (ANATEL), <a href="http://convergenciadigital.uol.com.br/cgi/cgilua.exe/sys/start.htm?infoid=38632">believes the proposal</a> is a matter of the free market, while others argue that the gratuity of the app generates an asymmetry in traffic (since many users will choose to use this particular app) thus limiting and inhibiting the emergence of new applications and innovations.</p>
<p dir="ltr">According to the InternetLab, the most discussed topic in the <a href="http://participacao.mj.gov.br/marcocivil/tema/neutralidade/">Marco Civil’s consultation is "Net neutrality"</a>. The main discussion involves "zero rating" plans and the following question: "Can the mobile operators perform this type of discrimination in favor of one application in spite of its competitors?” <a href="http://participacao.mj.gov.br/marcocivil/tema/neutralidade/">Join the discussion here</a>.</p>
<p dir="ltr"><strong>Marco Civil in Practice: Anonymity</strong></p>
<p dir="ltr">In Brazil, the Constitution prohibits anonymous speech. The intention behind the prohibition is to keep the possibility of identifying anyone who expresses any opinions, beliefs or comments, both in the online or in the offline world. Anonymity is crucial for the exercise of our fundamental freedoms, which makes it possible for individuals to express themselves freely and without fear of retaliation. By not allowing Brazilian citizens to engage in anonymous speech, the Constitution imposes significant obstacles to their ability to report abuses of power or express unpopular opinions. Nevertheless, that prohibition does not extend to the protection of privacy.</p>
<p dir="ltr">Limited by these significant Constitutional obstacles, the Marco Civil reinforces that freedom of speech is a foundational principle for Internet users in Brazil. However, this provision has to be construed under limitations imposed by the Brazilian Constitution, leaving very little room for interpretations that could allow anonymity for free expression purposes. Marco Civil also establishes that Brazilian law should be applicable to any products or services used by individuals located in Brazil. This provision has empowered public prosecutors and law enforcement officials to claim that the constitutional ban on anonymous speech should also prevent the use of Internet applications that allow anonymous expression.</p>
<p dir="ltr">A recent example of this restriction is the ban imposed to “Secret,” an Internet application that markets itself as a “safe place to say what’s on your mind anonymously.” Invoking the Brazilian constitution’s prohibition, the public prosecutor’s office <a href="http://techcrunch.com/2014/08/20/brazil-court-issues-injunction-against-secret-and-calls-for-app-to-be-remotely-wiped/">brought a lawsuit against the service</a>, which had quickly become extremely popular in Brazil. Although later overturned, an injunction was granted to ban “Secret” from online application stores (Google and Apple) in Brazil and to have it remotely removed from devices where it had already been installed.</p>
<p dir="ltr">This high-profile case points to a potential danger of broadening the scope of the constitution’s prohibition and applying it to prevent the use of privacy enhancing technologies, which would also bring undesirable repercussions to the rights of reading and browsing anonymously. (<em><a href="https://www.eff.org/files/2015/02/10/unanonymity-encryption-eff.pdf">Check EFF’s policy paper on Anonymity and Encryption</a></em>).</p>
<p dir="ltr">The Marco Civil remains one of the best-crafted and democratically debated expressions of rights online to acquire the force of law in the world. But it’s not the end of the story. Like every foundational document, from any Constitution to the Universal Declaration of Human Rights, the real challenges come in interpretation and enforcement. It’s up to Brazil’s engaged citizens to make sure that the law and upcoming legislation upholds the high standard its creators set.</p>
</div></div></div>Thu, 26 Feb 2015 01:58:01 +0000katitza84822 at https://www.eff.orgCommentaryFree SpeechInternational Privacy StandardsMandatory Data RetentionVigilancia de Estado & Derechos HumanosDía de la Privacidad: Autoridad Del Distrito Federal de México Firma los 13 Principioshttps://www.eff.org/es/node/84252
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><div class="ace-line" id="magicdomid3304"><span>El 28 de enero se celebra el día Internacional de la protección de datos. La celebración tiene como propósito llamar la atención de la ciudadanía acerca de las mejores prácticas para defender nuestros derechos fundamentales frente a la vigilancia desmedida y descontrolada llevada a cabo por la policía y los agentes de inteligencia. </span></div>
<p class="ace-line"></p>
<div class="ace-line"><span>En el marco de esta celebración, el <a target="_blank" href="http://www.infodf.org.mx/web/">Instituto de Acceso a la Información Pública y Protección de Datos Personales del Distrito Federal </a>(InfoDF) suscribió los <a target="_blank" href="https://es.necessaryandproportionate.org/text">Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones</a>, que servirán de guía para limitar la vigilancia en línea</span><span>. En el evento participaron el Comisionado Presidente Mucio Hernández, la comisionada Elsa Bibiana Hernández, el comisionado Luis Fernando Sánchez Nava y diversas organizaciones de la sociedad civil, como la <a target="_blank" href="http://www.amarcmexico.org/">Asociación Mundial de Radios Comunitarias en México</a></span><span> (AMARC-México), </span><a target="_blank" href="http://www.centralcyc.mx/"><span class="author-a-z122zz78zz86zez65zz83z8303j5dvog">Central Ciudadano y Consumidor, A.C.</span></a><span>, Latinoamericanistas y <a target="_blank" href="http://contingentemx.net/">ContingenteMx</a>. <br /></span></div>
<div class="ace-line" id="magicdomid3234"></div>
<blockquote><div class="ace-line" id="magicdomid3235"><span>"La adhesión a los 13 Principios Internacionales por parte de los órganos garantes de los datos personales en la ciudad de M</span><span><span>éxico</span> es de gran relevancia en nuestro país, acot</span><span><span><span>ó</span></span> la Profesora del Tecnológico de Monterrey, Paola Ricaurte. "La normativa vigente promueve la vigilancia masiva de las comunicaciones a través de medidas desproporcionadas e innecesarias. Ello ha significado un retroceso profundo en materia de derechos humanos. Las leyes secundarias en materia de telecomunicaciones aprobadas en julio de 2014 son incompatibles con las normas internacionales de derechos humanos que el Gobierno Mexicano ha firmado y además son violatorias de los 13 Principios", enfatiz</span><span><span>ó Ricaurte</span>. </span></div>
<div class="ace-line" id="magicdomid3236"></div>
</blockquote>
<p><span>En el evento, Katitza Rodríguez, Directora Internacional de Derechos Humanos de la EFF, recalcó la necesidad de respetar y aplicar las normas existentes de derechos humanos en el ámbito de las vigilancia de las comunicaciones y usar los principios como guía para su efectiva implementación. "Es necesario educar a la policía y los fiscales que conducen o autorizan la vigilancia en la aplicación de los derechos humanos, Rodríguez resalt</span><span><span>ó.</span></span></p>
<p><span>El InfoDF mencionó que tiene la intención de promover la implementación de los Principios en la ciudad de México e insistió que los ciudadanos deben ejercer y solicitar mayor transparencia del Estado. </span><span>El comisionado presidente, Mucio Israel Hernández Guerrero, señaló que en el tema de la Protección de Datos Personales, el Estado no puede dar un paso atrás. Con esta firma, declaró, se pretende dar un paso adelante hacia la protección de la privacidad en la Ciudad de México. Mucio Hernández agradeció el acompañamiento de las organizaciones y refrendó el compromiso del INFODF para proteger los datos personales y promover los 13 Principios en la ciudad de México.</span></p>
<div class="ace-line" id="magicdomid3241"><span>La discusión acerca de los 13 principios es sumamente pertinente, puesto que en estos días, el <a target="_blank" href="http://www.ift.org.mx/iftweb/">Instituto Federal de Telecomunicaciones</a> (IFT) se encuentra discutiendo el <a target="_blank" href="http://www.ift.org.mx/iftweb/wp-content/uploads/2014/11/Comentarios_R3D_Consulta_IFT-.pdfhttp://www.ift.org.mx/iftweb/wp-content/uploads/2014/11/Comentarios_R3D_Consulta_IFT-.pdf">Anteproyecto de lineamientos de colaboración en materia de Seguridad y Justicia</a> en el que debe definirse de manera específica cómo se hacen operativas las disposiciones aprobadas en la Ley Telecom. </span></div>
<blockquote><div class="ace-line" id="magicdomid3243"><span>"Al suscribir los 13 principios, la Ciudad de México se coloca a la vanguardia en el país en lo concerniente a la promoción de los principios internacionales en materia de protección de la privacidad", indicó Paola Ricaurte, Profesora del Tecnológico de Monterrey en su exposición durante la ceremonia oficial.</span></div>
</blockquote>
<div class="ace-line" id="magicdomid3245"><span>Las organizaciones de la sociedad civil presentes en la ceremonia, recomendamos a las instituciones gubernamentales garantes de la privacidad y los datos personales:</span></div>
<div class="ace-line" id="magicdomid3247">
<ul class="list-bullet1"><li><span>Adherirse a los Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones como guía para la efectiva implementación de los Tratados de Derechos Humanos ya existentes suscritos por el Gobierno de México;</span></li>
</ul></div>
<div class="ace-line" id="magicdomid3248">
<ul class="list-bullet1"><li><span>Impulsar la implementación de los estándares internacionales de derechos humanos en el contexto de la vigilancia, incluyendo los Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones en la ciudad de México;</span></li>
</ul></div>
<div class="ace-line" id="magicdomid3249">
<ul class="list-bullet1"><li><span>Impulsar la transparencia sobre el uso y el alcance de las leyes de vigilancia de las comunicaciones de acuerdo a lo establecido en los 13 Principios; En particular, los Estados no deberían interferir con los proveedores de servicios en sus esfuerzos para publicar los procedimientos aplicables a la evaluación y el cumplimiento de solicitudes de vigilancia requeridas por los Estados. Además el Estado debe proporcionar a las personas la información suficiente para que puedan comprender plenamente el alcance, naturaleza y aplicación de las leyes, reglamentos y lineamientos de vigilancia.</span></li>
</ul></div>
</div></div></div>Wed, 28 Jan 2015 18:27:00 +0000katitza84252 at https://www.eff.orgCall To ActionInternational Privacy StandardsMandatory Data RetentionVigilancia de Estado & Derechos HumanosBritons: You Have 72 Hours to Stop The Snooper's Charterhttps://www.eff.org/es/deeplinks/2015/01/britons-you-have-72-hours-stop-snoopers-charter
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><a href="https://act.eff.org/action/tell-britain-s-lords-don-t-let-the-snooper-s-charter-sneak-past-you"><img src="/files/2015/01/23/uk-union-jack-sm-act.png" alt="" class="image-right" height="249" width="225" /></a></p>
<p><em><strong>Update:</strong> You did it! After a forceful debate on Monday 26 January, in which many peers protested the introduction of these amendments, Lord Blair withdrew them from consideration.</em></p>
<p>Directly after the Charlie Hebdo massacre, we <a href="https://www.eff.org/deeplinks/2015/01/wake-charlie-hebdo-attack-lets-not-sacrifice-even-more-rights">cautioned</a> the public and politicians to be "wary of any attempt to rush through new surveillance and law enforcement powers." With depressing predictability, we've already seen that happen <a href="http://www.nytimes.com/2015/01/22/world/europe/amedy-coulibaly-paris-gunman-france.html?_r=0">across</a> <a href="https://firstlook.org/theintercept/2015/01/20/europe-considers-surveillance-expansion/">the</a> <a href="https://blog.cyberwar.nl/2015/01/eu-counter-terrorism-coordinator-invites-ec/">continent</a>. Nowhere, however, has the attempt to bypass democratic debate been more blatant than in the United Kingdom, where a handful of unelected peers has taken the language of an old and discredited Internet surveillance proposal, and attempted to slam it, at outrageously short notice, into the wording of a near-complete counter-terrorism bill.</p>
<p>The result is that, unless you take action to warn Britain's House of Lords in time for the debate on Monday, there is a good chance that Britain will pass the infamous <a href="https://www.eff.org/deeplinks/2012/06/uk-mass-surveillance-bill-return-bad-idea">Snooper's Charter</a> into law with barely any oversight.</p>
<p>On Thursday, Lords Blair, King, West, and Carlile delivered over <a href="http://www.publications.parliament.uk/pa/bills/lbill/2014-2015/0075/amend/su075-I-rev-b.htm">eighteen pages of amendments</a> to the Counter-Terrorism and Security Bill, which is currently being debated in Britain's upper house, the House of Lords. While the House of Lords is unelected, the majority of its members are appointed by past and present British governments: the four peers have all been involved in police, military or intelligence oversight positions.</p>
<p>Their amendments are the core of the previously proposed, and rejected, <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/228824/8359.pdf">Communications Data Bill</a>, which would require ISPs to harvest and store data taken from their subscribers' online traffic, and hand this over to the government without a warrant.</p>
<p>The bill, called the <a href="https://www.liberty-human-rights.org.uk/campaigning/no-snoopers-charter">Snooper's Charter</a> since the UK's coalition government first proposed it in 2012, has been repeatedly criticized, and was currently sitting in parliamentary limbo after Nick Clegg, the leader of the coalition partners the Liberal Democrats, finally <a href="http://boingboing.net/2013/04/25/snoopers-charter-is-dead-f.html">withdrew his party's support</a> for its contents.</p>
<p>The peers' new amendments include some hasty rephrasing to cover some of the most obvious flaws in previous versions of the bill (now only the police and intelligence services have free rein to access your private metadata, as opposed to dozens of government bureaucracies anticipated in the original bill). But Parliament had more worries than just who had access to the data. The previous draft was examined by a <a href="http://www.parliament.uk/draft-communications-bill/">joint committee</a> of Lords and Members of Parliament, who unanimously rejected it, <a href="http://www.publications.parliament.uk/pa/jt201213/jtselect/jtdraftcomuni/79/7903.htm">saying</a> its cost estimates were "fanciful and misleading," and its privacy protections were "insufficient."</p>
<p>Even legal meaning of the new language is unclear, as the peers have declined to supply any explanatory notes to justify their new wording. But then, perhaps they did not expect to be called upon to explain to any degree of detail, given the tiny window of opportunity they have granted the rest of Parliament to examine the bill. The amendments announced on Thursday will be formally included into the bill on Monday, in a committee meeting that was not planned to include a vote. The Lords will then have <a href="https://gigaom.com/2015/01/22/uk-terror-law-amendments-would-bring-back-snoopers-charter/">two more</a> minor opportunities to debate the content of the bill before it is passed onto the elected House of Commons in its entirety for what is expected to be a simple up/down vote. Britain's members of parliament are currently distracted as they prepare for nationwide elections in May, which means it is highly likely that a major anti-terrorism bill like this will collect enough votes to pass.</p>
<p>Early indications from conversations with our colleagues at the UK's <a href="https://www.openrightsgroup.org/ourwork/reports/abuse-of-parliamentary-procedure">Open Rights Group</a> indicate that there's growing discontent among parliamentarians about how these amendments are being used to bypass parliamentary oversight. However, that's just the peers that have been paying attention. Dozens more would potentially step in to block the bill if they even knew what was happening before Monday.</p>
<p>That's where you come in. If you're a British citizen, you need to tell the members of the House of Lords that their right to analyze and discuss this legislation is being bypassed. We've set up an <a href="https://act.eff.org/action/tell-britain-s-lords-don-t-let-the-snooper-s-charter-sneak-past-you">action alert for UK Internet users</a>, so that you can send messages to the Twitter accounts of UK peers (you would be surprised how many British Lords use Twitter). You can also <a href="https://www.writetothem.com/lords">write to members of the House of Lords</a> through the free service WriteToThem.com, but given the time frame, <a href="https://act.eff.org/action/tell-britain-s-lords-don-t-let-the-snooper-s-charter-sneak-past-you">tweeting</a> or phone calls are much better. Your actions in the next seventy-two hours may make all the difference.</p>
</div></div></div>Fri, 23 Jan 2015 17:35:35 +0000danny83995 at https://www.eff.orgInternationalMandatory Data RetentionLey de Retención de Datos de Tráfico en Paraguay: ¿La Pieza Clave del Sistema de Vigilancia Masiva?https://www.eff.org/es/deeplinks/2014/12/ley-de-retencion-de-datos-de-trafico-en-paraguay-la-pieza-clave-del-sistema-de
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><img src="/files/2014/12/10/pyrawebs-1.jpg" alt="" class="image-right" height="205" width="301" />En una audiencia pública en el Congreso Paraguayo <a href="http://www.abc.com.py/nacionales/proyecto-es-centro-de-polemica-1306517.html">el mes pasado</a>, desde la Electronic Frontier Foundation junto con nuestros aliados paraguayos, la <a target="_blank" href="http://pyrawebs.tedic.org/">ONG TEDIC (líderes en el tema de derechos digitales en Paraguay y quienes nos invitaron a la audiencia)</a>, dejamos claro <a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">nuestro rechazo</a> a la la propuesta legislativa de retener los datos de tráfico de usuarios de Internet por 12 meses en Paraguay. A pesar de ello, hay otra normativa que obliga la retención obligatoria de datos para fines comerciales.</p>
<p>Durante la audiencia, convocada por la Comisión de Derechos Humanos de la Cámara de Diputados del Paraguay, propusimos un sistema de preservación de datos, también conocido como «congelación rápida», el cual es una herramienta alternativa de investigación penal, que obliga a preservar los datos sólo a partir del momento que surge la sospecha, por un periodo específico, y con respecto a un caso en particular. TEDIC además <a href="https://www.eff.org/deeplinks/2014/12/pyrawebs-paraguayans-rise-against-mandatory-data-retention">demandó</a> la adopción de una norma genuina de protección de datos personales que regule la recolección, uso y divulgación de los datos de una persona en poder de las empresas y el gobierno.</p>
<p>Sin embargo, integrantes de la Unidad Especializada de Delitos Informáticos del Ministerio Público explicaron a los presentes que los registros de llamadas telefónicas, los SMS y la geolocalización de dispositivos móviles ya son almacenados por un periodo de 6 meses mediante una resolución del ente regulador, la Comisión Nacional de Telecomunicaciones (Conatel), que data del año 2002.</p>
<p>Asimismo, puntualizaron que por el Artículo 10 de la <a href="http://digesto.senado.gov.py/ups/leyes/8092.pdf">Ley N° 4868 de Comercio Electrónico</a> [PDF], referente a las operaciones realizadas a través de medios electrónicos en el Paraguay, ya se produce una guarda de datos a los efectos de registrar las transacciones comerciales. Existe un mandato a proveedores de Internet que deberán “almacenar los datos de conexión y tráfico generados por las comunicaciones establecidas durante la prestación de un servicio” por un periodo de 6 meses, con el efecto de “facilitar la localización del equipo terminal empleado por el usuario para la transmisión de la información”.</p>
<p>La misma ley señala que los Proveedores del Servicio de Alojamiento de datos "no podrán utilizar los datos almacenados para fines distintos a los que estén permitidos por la ley".</p>
<p>Recientemente, Paraguay ha creado un Sistema Nacional de Inteligencia (SINAI) con la aprobación de la <a href="http://digesto.senado.gov.py/ups/leyes/8620.pdf">Ley N° 5241</a>[PDF], que también propicia la intervención de las comunicaciones telefónicas e informáticas, previa autorización judicial, como lo expusieron los funcionarios de la Unidad Especializada de Delitos Informáticos del Ministerio Público de Paraguay.</p>
<p>La conformación del futuro Sistema Nacional de Inteligencia, que <a href="http://www.nanduti.com.py/v1/noticias-mas.php?id=80422&amp;seccion=Politica">surge a partir</a> de la necesidad de organismos estatales de centralizar los datos y compartirlos de manera más eficiente entre instituciones, cuenta con el manifiesto apoyo del Poder Ejecutivo <a href="http://www.presidencia.gov.py/noticia/14455-gobierno-analiza-presupuesto-para-organizar-la-nueva-secretaria-de-inteligencia.html#.VInj1TGG-So">para dotarlo</a> de presupuesto y personal especializado en inteligencia.</p>
<p>En ese sentido, la Secretaria Nacional de Inteligencia, la Fiscalía y Ministerio del Interior de Paraguay pueden requerir la información reservada solamente sobre comunicaciones relativas a "personas de interés".</p>
<p>Al ser esto así, entonces, Paraguay no necesitaría otra norma de retención de datos como Pyrawebs, y tal vez sólo necesitaría reglas claras y precisas que dejen claro bajo que condiciones las autoridades del orden puedan acceder a los datos personales de las personas almacenados por terceros. Aquel acceso, además, tendría que ser particularizado, es decir, necesario, proporcional e idóneo.</p>
<p>Durante la audiencia, TEDIC y EFF resaltaron la necesidad de establecer mecanismos independientes de supervisión para garantizar la transparencia y la rendición de cuentas de la vigilancia de las comunicaciones. También recomendamos que el gobierno Paraguayo publique, como mínimo, información global sobre el número de solicitudes aprobadas y rechazadas, un desglose de las solicitudes por proveedor de servicios, por autoridad investigadora, el tipo y propósito, y el número específico de personas afectadas por cada una y según el tipo de investigación y sus propósitos.</p>
<p>Esperemos que Paraguay rechace la ley Pyrawebs, adopte una norma de protección de datos personales genuina que regule la recolección, uso y divulgación de datos de una persona. También que exija que las entidades del orden respeten y garanticen los derechos humanos de las personas, asegurándose que los procedimientos legales que rigen cualquier interferencia con los derechos humanos estén enumerados apropiadamente en la ley, sean practicados consistentemente y estén disponibles para el público general. </p>
</div></div></div>Sat, 13 Dec 2014 03:20:24 +0000katitza83546 at https://www.eff.orgPolicy AnalysisInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosLa Retención de Datos de Tráfico en Paraguay Es Espionaje Masivo e Inconstitucionalhttps://www.eff.org/es/deeplinks/2014/11/la-retencion-de-datos-de-trafico-en-paraguay-es-espionaje-masivo-e
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>Este articulo ha sido co-escrito por Maricarmen Sequera, Luis Pablo Alonso Fulchi y Katitza Rodríguez</em></p>
<p>El <a target="_blank" href="http://sil2py.diputados.gov.py/formulario/VerDetalleTramitacion.pmf?q=VerDetalleTramitacion%2F102821">proyecto de ley de retención de datos de Paraguay</a> obliga a los proveedores de servicios de Internet (ISPs) a conservar, durante 12 meses, los detalles de quién se comunica con quién, por cuánto tiempo, y desde dónde. También permite a las autoridades tener acceso a estos datos históricos mediante una orden del juez de garantías, exponiendo la información de geolocalización que revela el paradero físico de los paraguayos a través del tiempo. Este régimen expande la capacidad del gobierno Paraguayo de vigilar masivamente a sus ciudadanos, en última instancia, dañando la privacidad, la asociación, el anonimato y la libertad de expresión.</p>
<p><b>¿Cómo Funciona?<br /></b></p>
<p>La mayoría de los proveedores de acceso Internet y transmisión de datos dan una dirección IP a los usuarios en el momento de su conexión a Internet, que cambia periódicamente. La propuesta en cuestión obligará a los ISPs y proveedores de telecomunicaciones a llevar un registro de sus asignaciones de dirección IP durante un período de 12 meses así como la información de "origen" y "destino" de las comunicaciones de los usuarios. Esto permitirá a la policía solicitar a los ISPs y proveedores que identifiquen a una persona sobre la base de la IP que le había sido asignada en una fecha y hora determinada. Además podrán solicitar la información de con qué otras IPs se comunicó dicha persona. </p>
<p><b> ¿Por Qué Debería Preocuparte?</b></p>
<p>La retención obligatoria de datos de tráfico afecta a millones de usuarios inocentes, es decir, tú y tus amigos que no son sospechosos de ningún delito. Además compromete el anonimato en línea, que es crucial para los investigadores, periodistas, movimientos sociales, ONGs de derechos humanos, todos y todas aquellas que se dedican a la expresión política.</p>
<p>La retención de datos obligatoria es una medida nvasiva y desproporcionada. Esta obligación exige que se recolecte tu dirección IP y se retenga por cada paso que des en línea. Los riesgos de privacidad y libertad de expresión aumentan a medida que estas bases de datos se vuelven vulnerables al robo y la divulgación accidental. Los proveedores de servicios deben absorber el costo de almacenar y mantener estas grandes bases de datos y, a menudo pasan estos costos a los consumidores.</p>
<p><b>¿Cuáles son los Riesgos de la Retención Obligatoria de Datos de Tráfico?</b> </p>
<p>La retención obligatoria de datos de tráfico crea un enorme potencial para el abuso y debe ser rechazada por ser una infracción grave del derecho a la protección de datos personales y las libertades fundamentales de las personas. Este proyecto apoya la vigilancia masiva de cada personas, lo que no debe ser tolerado en un país donde se valora la libertad y la democracia. Además afecta la confidencialidad de las comunicaciones entre médico-paciente, abogado-cliente, periodistas y sus fuentes, entre otras comunicaciones que pertenecen a la estricta esfera privada.</p>
<p>El proyecto de ley de retención de datos en Paraguay usa un lenguaje tan vago que permite una interpretación que va más allá que la Directiva Europea y aplica a cualquier persona física o entidad que ofrezca acceso a Internet, como pueden ser cibercafés, cafeterías, bibliotecas, o empresas que proporcionan a sus empleados acceso a Internet en el trabajo.</p>
<p><b>¿Cuáles son las Condiciones que Restringen el Acceso a los Datos Conservados?</b></p>
<p>Una pregunta importante a realizar se refiere a las condiciones en que los funcionarios del gobierno Paraguayo pueden tener acceso a los datos conservados. En comparación de otros proyectos, este, no parece limitar el acceso a los datos retenidos a casos de investigaciones de delitos graves, y más bien, permite que los datos sean utilizados para cualquier tipo de delito tales como las descarga p2p, difamación y cualquier otro tipo delito de índole menor.</p>
<p>Una pregunta relacionada es la fuente de autoridad para el acceso (si bien es necesaria la autorización del juez de garantías), no queda claro en el proyecto si existe un nivel de sospecha o justificación que se deba cumplir para acceder a aquellos datos que el juez de garantías debe evaluar. Lamentablemente el proyecto de ley tampoco limita adecuadamente cuáles son aquellos datos de tráfico que serán conservados sino que da una lista meramente enunciativa y no taxativa como es la dirección IP, origen y destino de la misma, hora y fecha de conexión y en su caso, fecha y hora de desconexión.</p>
<p>La norma expresamente excluye el contenido de las comunicaciones, creando una distinción artificial entre contenido y metadatos. Como es de esperar, esta diferenciación se basa en el modelo tradicional del servicio postal, que distingue entre la información escrita en el sobre y el contenido del sobre.</p>
<p>Tal como explicamos en el <a target="_blank" href="https://es.necessaryandproportionate.org/AnalisisLegal">análisis legal y jurisprudencia comparada de los Principios Internacionales sobre la Aplicación de los Derechos Humanos a la Vigilancia de las Comunicaciones</a>, esta antigua distinción carece de sentido debido a que los métodos de interceptación digital funcionan de otra forma, por ejemplo, la interceptación del correo electrónico consiste en que el contenido y los metadatos estén disponibles de manera inmediata a los organismos que se encargan de realizar dicha intervención.</p>
<p>Por otra parte, hoy en día los ISPs almacenan los metadatos en formatos digitales y pueden adquirirlos masivamente en formas que no tienen equivalente en el servicio postal. Además, no hay comparación “postal” con la gran cantidad de actividad anónima en línea que se puede vincular a una persona cuando la información del suscriptor es revelada al Estado.</p>
<blockquote><p>Estas distinciones fueron adoptadas como una especie de medida aproximada a la intimidad —la idea de que simplemente conociendo quien recibió la carta en un determinado momento no fuese tan reveladora como el contenido mismo de la carta. Sin embargo, el aumento en la abundancia de metadatos, y las técnicas de acumulación y análisis de la misma, significa que incluso “simples metadatos” son capaces de revelar mucho más acerca de las actividades o pensamientos de un individuo que lo que sucedía hace treinta o cuarenta años atrás. </p>
<p>Esto se debe, en parte, a la creciente cantidad y al alcance de los datos recolectados: a principios de 1980, por ejemplo, cuando el Tribunal Europeo de Derechos Humanos atendió por primera vez una denuncia sobre el uso de medidores telefónicos para recopilar detalles de las llamadas telefónicas de un sospechoso, la única información que se registraba eran los números de teléfono llamados y la duración de las llamadas telefónicas. </p>
<p>En la actualidad, los organismos estatales buscan recopilar no solo las identidades de las personas que llaman, sino también sus datos de facturación, direcciones, datos de tarjetas de crédito, marca y modelo de los teléfonos usados, y datos de localización geográfica de sus movimientos físicos. </p>
<p>Del mismo modo, en un ecosistema donde los individuos dejan sus huellas electrónicas tras todas sus interacciones digitales, la identificación del usuario de la dirección IP, el identificador de un dispositivo móvil, la dirección IP de un correo electrónico, un identificador del abonado móvil (IMSE) o una dirección de correo electrónico pueden ser tremendamente reveladores. De este modo, los metadatos pueden ser un “<i>proxy</i> de contenido”. Además, hoy día la gente usa las tecnologías de las comunicaciones con más frecuencia que cuando las comunicaciones se hacían, mayormente, a través de cartas. Por último, e igualmente importante, la capacidad del gobierno para recopilar todos estos datos, por un largo periodo de tiempo y organizándolos por medio de modernas técnicas de vigilancia permiten crear un retrato íntimo de la vida de una persona a partir de simples datos de tráfico.</p></blockquote>
<p><b>Corte Interamericana De Derechos Humanos: Escher y Otros vs. Brasil </b></p>
<p>Sobre la cuestión de si los metadatos de las comunicaciones están protegidos por el derecho a la privacidad, la Corte Interamericana de Derechos Humanos ha decidido en <a href="https://web.archive.org/web/20140527113509/http://www.corteidh.or.cr/docs/casos/articulos/seriec_200_esp1.pdf">Escher v Brasil </a>que tanto el contenido como los metadatos están protegidos (<a target="_blank" href="http://r3dmx.tumblr.com/post/97564209170/the-metadata-debate-a-latin-american-perspective">Leer mas</a>):</p>
<blockquote><p>"114. Como esta Corte ha señalado anteriormente, aunque las conversaciones telefónicas no se encuentran expresamente previstas en el artículo 11 de la Convención, se trata de una forma de comunicación incluida dentro del ámbito de protección de la vida privada. El artículo 11 protege las conversaciones realizadas a través de las líneas telefónicas instaladas en las residencias particulares o en las oficinas, sea su contenido relacionado con asuntos privados del interlocutor, sea con el negocio o actividad profesional que desarrolla. De ese modo, el artículo 11 se aplica a las conversaciones telefónicas independientemente de su contenido e incluso, puede comprender tanto las operaciones técnicas dirigidas a registrar ese contenido, mediante su grabación y escucha, como cualquier otro elemento del proceso comunicativo mismo, por ejemplo, el destino de las llamadas que salen o el origen de las que ingresan, la identidad de los interlocutores, la frecuencia, hora y duración de las llamadas, aspectos que pueden ser constatados sin necesidad de registrar el contenido de la llamada mediante la grabación de las conversaciones. En definitiva, la protección a la vida privada se concreta en el derecho a que sujetos distintos de los interlocutores no conozcan ilícitamente el contenido de las conversaciones telefónicas o de otros aspectos, como los ya mencionados, propios del proceso de comunicación".</p></blockquote>
<p><b>Marco Normativo Paraguayo</b></p>
<p>El patrimonio documental de las personas tiene un rango constitucional y se encuentra en el <a href="http://www.constitution.org/cons/paraguay.htm">artículo 36 de la Constitución Nacional de Paraguay</a> del año 1992. La inviolabilidad de la correspondencia epistolar consagrada en el artículo 36 de la Carta Magna se extiende a todas las comunicaciones realizadas por cualquier medio. La Constitución también reconoce en su artículo 137 los tratados Internacionales ratificados por el Estado Paraguayo y consolidan la legalidad de los mismos sobre los derechos humanos.</p>
<p>Por otro lado, Paraguay ha ratificado el <a href="http://www.oas.org/dil/esp/tratados_B-32_Convencion_Americana_sobre_Derechos_Humanos.htm">Pacto de San José de Costa Rica</a>, el cual protege los derechos civiles y políticos en su<i> </i>artículo<i> 11.2</i>, declarando:</p>
<blockquote><p> "Nadie puede ser objeto de injerencias arbitrarias o abusivas en su vida privada, en la de su familia, en su domicilio o en su correspondencia, ni de ataques ilegales a su honra o reputación". </p></blockquote>
<p>A su vez, es miembro de MERCOSUR, por lo que está sujeto al Código de Ética de Abogados para el MERCOSUR, en <a href="http://www.diariojudicial.com/contenidos/2004/04/14/noticia_0019.html">su artículo 4.2 dice</a>:</p>
<blockquote><p>"Las comunicaciones se presumen confidenciales —las comunicaciones epistolares entre abogado y cliente, no pueden ser reveladas a terceros".</p></blockquote>
<p>Lamentablemente Paraguay no cuenta con una <a href="http://www.bacn.gov.py/MTc2MA==&amp;ley-n-1682">Ley de Datos Personales propiamente dicha</a>. La ley Nº1682/2001 regula única y exclusivamente a los sistemas de información crediticios en las entidades bancarias y financieras. Esto dificulta la protección de datos sensibles. </p>
<p>Por tanto, el anteproyecto de ley del Senado resulta anacrónico. A pesar de esta propuesta, el país cuenta con una interesante batería de normas que resguardan los derechos civiles en el territorio. </p>
<p>Quizás el debate de este anteproyecto se debería llevar a un plano más profundo y discutir por un lado, la necesidad de una ley de protección de datos personales genuina, en torno a una agenda pública de debate. De todo esto, se esperaría como resultado una regulación robusta y eficiente que sirviera de piedra angular en la defensa de los derechos fundamentales.</p>
<p>Asimismo, Paraguay debe cumplir con sus obligaciones ya existentes: es decir que cualquier medida de vigilancia debe ser prescrita por la ley (para ser legal en virtud del derecho internacional de los derechos humanos). Además, debe ser "necesaria" para lograr un objetivo legítimo, idóneo y "proporcional" al objetivo deseado. Este requisito es importante para asegurarse que el gobierno no adopta medidas de vigilancia que amenazan los cimientos de una sociedad democrática. Por todo esto debe darse marcha atrás a este camino sin salida que resulta del mandato de retención de datos, y como ya se mencionó el Estado Paraguayo, debe cumplir con sus obligaciones internacionales de derechos humanos. Por su propia naturaleza, la vigilancia masiva no conlleva ningún tipo de dirección o de selección, y mucho menos ninguna obligación de las autoridades de demostrar una sospecha razonable o causa probable. En consecuencia, la vigilancia masiva es inevitablemente desproporcionada como una simple cuestión de definición.</p>
<p>--</p>
<p><b>Informaci</b><b><b>ón Complementaria: Políticas Públicas Comparada</b></b></p>
<p>La Gran Sala del Tribunal de Justicia de la Unión Europea en su decisión de <i><a href="http://curia.europa.eu/juris/document/document.jsf?doclang=EN&amp;text=&amp;pageIndex=1&amp;part=1&amp;mode=req&amp;docid=150642&amp;occ=first&amp;dir=&amp;cid=572131">Digital Rights Ireland Ltd del 2014</a>,</i> declaró inválida la Directiva de conservación de datos de la Unión Europea. En otras palabras, <a target="_blank" href="http://www.internetsociety.org/blog/public-policy-tech-matters/2014/05/win-privacy-8-year-old-eu-directive-data-retention-ruled">nunca debería haber sido aprobado</a>.</p>
<p>La Directiva considera que la recogida masiva de datos de Internet en Europa supone una "<em>interferencia de amplio alcance y particularmente grave de los derechos fundamentales a la vida privada y a la protección de los datos personales"</em>.</p>
<p>La Gran Sala también sostuvo que, a pesar de que la retención de datos de telecomunicaciones perseguía el objetivo legítimo de la lucha contra “<em>delitos graves</em>”, la naturaleza de la obligación implicaba “<em>una injerencia en los derechos fundamentales de la práctica totalidad de la población europea</em>”, incluidas “<em>las personas para las que no hay pruebas que sugieran que su conducta podría tener una vinculación, incluso indirecta o remota, con un delito grave</em>”.</p>
<p>Más recientemente, se han emitido fuertes críticas a los mandatos de retención de datos por parte de organismos de política internacional. El 27 de marzo, el Comité de Derechos Humanos de la ONU (<a target="_blank" href="http://www.ohchr.org/EN/HRBodies/CCPR/Pages/Membership.aspx">órgano de expertos independientes</a> que supervisa la aplicación del <a href="http://www.ohchr.org/EN/ProfessionalInterest/Pages/CCPR.aspx">Pacto Internacional de Derechos Civiles y Políticos</a> por sus Estados Partes) emitió por primera vez un informe oficial sobre la privacidad en la era digital, instando a los Estados Unidos a que se "<em>abstengan de imponer la retención obligatoria de datos por parte de terceros</em>". Recientemente, la <a href="https://www.eff.org/deeplinks/2014/07/un-human-rights-report-and-turning-tide-against-mass-spying">Oficina del Alto Comisionado de las Naciones Unidas para los Derechos Humanos, Navi Pillay</a>, emitió un informe sin precedentes, criticando expresamente mandatos de retención de datos y declarando que ellos no son ni necesarias ni<br />
proporcionales: "<em>La retención de datos obligatoria por terceros, [...], parece innecesario y desproporcional</em>".</p>
<p>Mientras tanto, América Latina ya en 2005, experimentó <a href="https://www.eff.org/pages/success-story-breaking-news-about-data-retention">un rechazo judicial</a> de un mandato de retención de datos: una regulación argentina obligaba a<br />
los operadores de telecomunicaciones y proveedores de Internet a registrar, indexar y almacenar datos de tráfico por un período de 10 años. La Fundación Vía Libre, se defendió con una campaña de medios de comunicación, y en combinación con una estrategia de litigio dirigido por una organización del sector privado, lograron el rechazo del mandato por parte de la Corte Suprema de Argentina; este caso fue conocido como “Halabi c/ PEN” (Fallos 332:111).</p>
</div></div></div>Tue, 11 Nov 2014 04:16:23 +0000katitza83101 at https://www.eff.orgPolicy AnalysisInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosTo Nobody's Surprise, Australian “Terrorism” Law May Be Used for Copyright Enforcementhttps://www.eff.org/es/node/82968
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>As we <a href="https://www.eff.org/deeplinks/2014/10/stop-spies-australians-rise-against-mandatory-data-retention">foreshadowed</a>, a new law requiring mandatory data retention by ISPs <a href="http://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:&quot;legislation/ems/r5375_ems_e6cf11b4-5a4e-41bc-ae27-031e2b90e001&quot;">was introduced</a> into the Australian federal parliament last week. In the few days since then, there have been <a href="http://www.abc.net.au/news/2014-11-04/berg-the-jig-is-up-on-data-retention-plans/5864432">claims and counter-claims</a> about whether data obtained under the new law would be limited to use in fighting major crimes (such as terrorism, as the government originally claimed), or if it could be used to target citizens who download and share files online.</p>
<p>The current party line, from flip-flopping Attorney-General George Brandis (whom some may remember from this <a href="https://www.youtube.com/watch?v=Hw1ryLGs2ws">train-wreck interview</a> in which he attempted to define “metadata”) is that the new laws “can't be and they won't be” used to prosecute file sharers, because copyright infringement is only a civil offense.</p>
<p>Except, of course, when it isn't. There are a wide range of criminal offenses defined under Australia's copyright law, including penalties for sharing copyright works on (what is loosely defined as) a <a href="http://www.austlii.edu.au/au/legis/cth/consol_act/ca1968133/s132ac.html">commercial scale</a>, and penalties for <a href="http://www.austlii.edu.au/au/legis/cth/consol_act/ca1968133/s132apc.html">breaking DRM</a>—both of which result from Australia's 2005 free trade agreement with the United States, and are likely to be replicated and perhaps toughened in the <a href="https://eff.org/issues/tpp">Trans-Pacific Partnership</a>.</p>
<p>Moreover, as Minister for Communications, Malcolm Turnbull, has <a href="http://www.zdnet.com/au/film-studios-could-use-retained-data-to-sue-torrenters-7000035263/">admitted</a>, once the data has been collected and is being retained by an ISP, there is nothing to prevent a civil court from allowing access to that data to other parties, for purposes other than those the government intended. This might, for example, include a movie studio suing an ISP for release of retained customer data to support lawsuits or shakedown claims against those customers. (By no coincidence, exactly such a lawsuit is <a href="http://blog.iinet.net.au/not-our-kind-of-club/">currently underway</a>.)</p>
<p>The only solution is the obvious one—not to require the collection and retention of the data in the first place. If data stored under a compulsory mandate can be misused for extraneous purposes, <a href="http://www.ushmm.org/outreach/en/article.php?ModuleId=10007703">history tells us</a> that it will be. This lesson lies behind the adoption of data minimization as a key principle of modern data protection law—a lesson that Australia's lawmakers seem to have forgotten.</p>
<p>If even the government itself can't give a clear account of what metadata will be collected and whether or not it will be used in enforcing copyright laws, why should ordinary Internet users have any faith that their collected data won't be misused in practice? Now is time for Australian users to stand up to their government and <a href="https://stopthespies.org/">Stop the Spies</a>, before it's too late.</p>
</div></div></div>Tue, 04 Nov 2014 01:17:23 +0000jmalcolm82968 at https://www.eff.orgInternationalMandatory Data RetentionStop the Spies: Australians Rise Up Against Mandatory Data Retentionhttps://www.eff.org/es/node/82590
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>It is a tried and tested technique: fomenting a culture of fear of ceaseless war or terrorism, in order to justify arbitrary and authoritarian incursions on civil liberties back at home. We've read about it in George Orwell's <i>1984</i>, we've heard about it being practised by oppressive regimes such as North Korea, and now we're witnessing it first-hand, in our own supposed liberal democracies including the <a href="https://www.eff.org/deeplinks/2013/11/nsas-surveillance-powers-extend-far-beyond-terrorism-despite-governments">United States</a>, the <a href="https://www.eff.org/deeplinks/2014/07/dont-emulate-united-states-terrible-record-surveillance-oversight-britain">United Kingdom</a> and now <a href="https://www.eff.org/deeplinks/2014/09/australian-government-scrambles-authorize-mass-surveillance">Australia</a>.</p>
<p>The latest shadow over the civil liberties of Australians is a yet-unnamed <a href="https://www.eff.org/issues/mandatory-data-retention">mandatory data retention</a> bill that will be introduced into the federal parliament during the week of 27 October. Under the flimsy pretext that this measure is urgently needed to fight terrorism (though actually its scope will be <a href="https://www.eff.org/deeplinks/2014/08/australian-proposal-would-require-suspicionless-domestic-spying-isps">far broader</a>), the bill, if passed, will require Australian Internet providers to scoop up highly personal information about their customers as they use the Internet, and to store it for two years for law enforcement agencies to access.</p>
<p>What you searched for before emailing your lawyer. Who you Skyped with afterwards. Who <i>they</i> have Skyped with. Where you were when chatting with your partner last night. The websites you visit during your lunchbreak. These are just a few examples of the kind of personal information that Australian government agencies will have at their fingertips under this Orwellian law.</p>
<p>Australians have not taken this threat lying down. On 6 October a grassroots website called <a href="http://www.stopthespies.org/">Stop the Spies</a> was launched to expose this threat and to mobilize ordinary Internet users to stop it. The site contains a form that Australians can use to contact their elected representatives to demand that their privacy be respected, and social media tools to build a network of resistance. If you're not in Australia, perhaps you have Australian friends—if so, you can still help by spreading the word!</p>
<p>We don't have long: there are only three weeks left before the mandatory data retention bill enters parliament, and it we can't sway enough politicians to defeat it before then, it will be another blow for online privacy that takes Australia further down path towards becoming a repressive surveillance state. Tweet <a href="https://twitter.com/search?q=#stopthespies">#stopthespies</a> and <a href="https://twitter.com/search?q=#StopDataRetention">#stopdataretention</a>, and if you are Australian, visit <a href="http://www.stopthespies.org/">Stop the Spies</a> today to demand your representatives vote against this draconian bill.</p>
<div class="mytube" style="width: 500px;">
<div class="mytubetrigger" tabIndex="0">
<img width="500" height="281" class="mytubethumb" alt="mytubethumb" src="https://www.eff.org/files/mytube/v_108065157.jpg" style="margin: 0" />
<img src="https://www.eff.org/sites/all/modules/contrib/mytube/play.png" class="mytubeplay" alt="play" style="top: 110.5px; left: 220px;" />
<div class="mytubeembedcode">%3Ciframe%20src%3D%22%2F%2Fplayer.vimeo.com%2Fvideo%2F108065157%3Ftitle%3D0%26amp%3Bbyline%3D0%26amp%3Bportrait%3D0%26autoplay%3D1%22%20webkitallowfullscreen%3D%22%22%20mozallowfullscreen%3D%22%22%20allowfullscreen%3D%22%22%20frameborder%3D%220%22%20height%3D%22281%22%20width%3D%22500%22%3E%3C%2Fiframe%3E</div>
</div><!--mytubetrigger-->
<div class="mytubetext">
<a href="https://www.eff.org/deeplinks/2008/02/embedded-video-and-your-privacy">Privacy info.</a> This embed will serve content from <em><a rel="nofollow" href="//player.vimeo.com/video/108065157?title=0&amp;byline=0&amp;portrait=0">vimeo.com</a></em><br /> </div>
</div>
<p>
<a href="http://vimeo.com/108065157">Stop The Spies</a> from <a href="http://vimeo.com/user33022745">Stop The Spies</a> on <a href="https://vimeo.com">Vimeo</a>.</p>
</div></div></div>Mon, 06 Oct 2014 18:35:01 +0000jmalcolm82590 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionAustralia and Mexico Must Overhaul Data Retention Mandateshttps://www.eff.org/es/deeplinks/2014/08/australia-and-mexico-must-overhaul-data-retention-mandates
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today, Mexico’s newest data retention law <a target="_blank" href="http://eleconomista.com.mx/tecnociencia/2014/08/11/defensa-derechos-digitales-apenas-comienza">entered into force</a>. The Mexican telecom law compels <a target="_blank" href="https://www.eff.org/deeplinks/2014/05/proposed-mexican-telecom-law-would-be-disaster-internet-freedom">telecom providers</a> to retain, for two years, the details of who communicates with whom, for how long, and from where. It also allows the authorities access to these details without a court order, exposing geolocation information that reveals the physical whereabouts of Mexicans. Across the Pacific, the Australian government <a target="_blank" href="https://www.eff.org/deeplinks/2014/08/australian-proposal-would-require-suspicionless-domestic-spying-isps">plans to introduce</a> a <a target="_blank" href="https://www.eff.org/issues/mandatory-data-retention">data retention</a> mandate for Australian Internet Service Providers. These developments come on the heels of widespread opposition, and skepticism about whether blanket data retention mandates can ever be consistent with human rights law.</p>
<p>On April 8, the Grand Chamber of the Court of Justice of the European Union declared the EU's <a target="_blank" href="https://www.eff.org/issues/mandatory-data-retention">Data Retention Directive</a> invalid. The top court held that, although the retention of communications data under the Directive was for the legitimate aim of combating "serious crime," the blanket nature of the obligation entailed "an interference with the fundamental rights of practically the entire European population." Essentially, the court criticized the Directive for treating every person as a criminal suspect. The decision was a huge victory for European <a target="_blank" href="http://history.edri.org/edrigram/number11.14/data-retention-hearing-ecj-2013">human rights activists</a> who doggedly fought these draconian rules. The activists waged awe-inspiring advocacy campaigns, pursued effective litigation strategies, and organized what proved to be the largest-ever street protests against excessive surveillance. In Germany, the battle against the implementation of data retention gathered steam immediately after the law’s passage. The German coalition, AK Vorrat, brought public pressure against it and initiated a lawsuit on behalf of 34,000 citizens. The coalition was successful, as the German constitutional court <a target="_blank" href="https://www.eff.org/issues/mandatory-data-retention/germany">rejected</a> the data retention law as contrary to fundamental civil liberties guaranteed by the German constitution.</p>
<p>The consequences of data retention mandates are far-reaching, but one particularly troubling outcome is the erosion of journalists’ right to refuse to hand over evidence to law enforcement to protect the confidentiality of their sources. In <a target="_blank" href="https://www.eff.org/deeplinks/2012/04/european-data-retention-directive-work-polish-authorities-abuse-access-data">Poland</a>, the media reported on two major cases where intelligence agencies used retained traffic and subscriber data to illegally disclose <a target="_blank" href="http://panoptykon.org/wiadomosc/billingowanie-naruszenie-praw-dziennikarza-opinia-fundacji-w-precedensowym-procesie">journalistic sources</a>. In Germany, Deutsche Telekom illegally used telecom traffic and location data to <a target="_blank" href="http://www.spiegel.de/international/business/spy-scandal-grows-telekom-accused-of-tracking-journalists-mobile-phone-signals-a-556741.html">spy on about 60 individuals</a><span>—</span>including critical journalists, managers and union leaders<span>—</span>in order to try to find leaks. And in a particularly <a target="_blank" href="http://www.tjmcintyre.com/2011/02/judges-report-reveals-allegations-that.html">egregious case</a> from Ireland, a law enforcement officer reportedly used retained communications data to spy on her ex-boyfriend’s phone activities.</p>
<p>Meanwhile, Latin America <a target="_blank" href="https://www.eff.org/pages/success-story-breaking-news-about-data-retention">saw a judicial rejection</a> of a data retention mandate as early as 2005. An Argentine regulation there had compelled all telcos and ISPs to record, index, and store traffic data for a 10-year period. Argentine civil rights organization, Fundacion Via Libre, fought back with a media campaign, and, in combination with a litigation strategy led by a private sector organization, the regulation was thrown out by the Argentine Supreme Court.</p>
<p>More recently, strong criticisms of data retention mandates have been issued in international policy venues. On March 27, the UN Human Rights Committee (the body of <a target="_blank" href="http://www.ohchr.org/EN/HRBodies/CCPR/Pages/Membership.aspx">independent experts</a> that monitors implementation of the <a target="_blank" href="http://www.ohchr.org/EN/ProfessionalInterest/Pages/CCPR.aspx">International Covenant on Civil and Political Rights</a> by its State parties) issued its first-ever official report on privacy in the digital age, calling upon the United States to “refrain from imposing mandatory retention of data by third parties.”</p>
<p>And recently, the <a target="_blank" href="https://www.eff.org/deeplinks/2014/07/un-human-rights-report-and-turning-tide-against-mass-spying">Office of the United Nations High Commissioner for Human Rights</a>, Navi Pillay, issued a landmark report, expressly criticizing data retention mandates and stating that they are neither necessary nor proportionate:</p>
<blockquote><p>Mandatory third party data retention, a recurring feature of surveillance regimes in many States, where Governments require telephone companies and Internet service providers to store metadata about their customers’ communications and location for subsequent law enforcement and intelligence agency access appears neither necessary nor proportionate.</p></blockquote>
<p>For any surveillance measure to be legal under international human rights law, it must be prescribed by law. It must be “necessary” to achieve a legitimate aim and “proportionate” to the desired aim. This requirement is important to ensure that the government does not adopt surveillance measures that threaten the foundations of a democratic society.</p>
<p>The 13 Necessary and Proportionate Principles in particular, and international human rights law generally, are premised on the assumption that interferences with fundamental rights must be dealt with on a case-by-case basis. In this context, data retention mandates of innocent individuals, by its very nature, eradicates any consideration of proportionality and due process in favor of the indiscriminate interference with the right to privacy<span>—</span>and could never be compatible with States’ human rights obligations. Australia and Mexico must turn back from the dead-end path of data retention mandates, and uphold their international human rights obligations.</p>
<h2>References:</h2>
<p>International Principles on the Application of Human Rights to Communications Surveillance, updated July 2014 <a target="_blank" href="https://en.necessaryandproportionate.org/text">https://en.necessaryandproportionate.org/text</a></p>
<p>EFF, Article 19: Legal Analysis and Background Materials: International Principles on the Application of Human Rights to Communications Surveillance, May 2014 <a target="_blank" href="https://en.necessaryandproportionate.org/LegalAnalysis">https://en.necessaryandproportionate.org/LegalAnalysis</a></p>
<p>The Right to Privacy in the Digital Age <a target="_blank" href="http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx">http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx</a></p>
<p>Report of the High Commissioner for Human Rights on the right the privacy in the digital age <a target="_blank" href="http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf">http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf</a></p>
<p>Annual Report of the Inter-American Commission on Human Rights 2013. Annual Report of the Office of the Special Rapporteur for Freedom of Expression <a target="_blank" href="http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf">http://www.oas.org/en/iachr/expression/docs/reports/2014_04_22_%20IA_2013_ENG%20_FINALweb.pdf</a></p>
<p>Human Rights Committee, General Comment 27, Freedom of movement (Art. 12), U.N. Doc CCPR/C/21/Rev.1/Add.9 (1999). <a target="_blank" href="http://www1.umn.edu/humanrts/gencomm/hrcom27.htm">http://www1.umn.edu/humanrts/gencomm/hrcom27.htm</a></p>
<p>UN Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms While Countering Terrorism, A/HRC/13/37UN</p>
<p>Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression, A/HRC/23/40</p>
</div></div></div>Thu, 14 Aug 2014 00:41:15 +0000kim81778 at https://www.eff.orgInternationalMandatory Data RetentionAustralian Proposal Would Require Suspicionless Domestic Spying by ISPshttps://www.eff.org/es/node/81735
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The Australian government <a href="http://www.theguardian.com/world/2014/aug/06/tony-abbott-national-security-witchhunt-warning">announced new anti-terrorism measures</a> this week, in response to the alleged involvement of Australian citizens with extremist groups in countries including Syria and Iraq. Quietly omitted from the briefing at which those changes were announced, but <a href="http://www.dailytelegraph.com.au/news/nsw/federal-government-to-keep-your-mobile-and-internet-data-for-two-years-in-war-on-homegrown-extremists/story-fni0cx12-1227013435230?nk=ec105a720b4b2af25dcb5b59350948d1#itm=newscomau%7Ctechnology%7Cncam-story-body-link%7C2%7Chttp://www.dailytelegraph.com.au/news/nsw/federal-government-to-keep-your-mobile-and-internet-data-for-two-years-in-war-on-homegrown-extremists/story-fni0cx12-1227013435230%7Cstory%7CBig%20Brother%20move:%20Why%20your%20data%20will%20be%20stored&amp;itmt=1407360270711">separately leaked to the press</a> this week, were the government's plans to introduce <a href="https://www.eff.org/issues/mandatory-data-retention">mandatory data retention</a> requirements for Australian Internet Service Providers (ISPs).</p>
<p>These changes are causing an outcry from <a href="https://www.efa.org.au/2014/08/05/no-justification-for-data-retention/">privacy advocates</a> and <a href="http://pirateparty.org.au/2014/08/05/pirate-party-denounces-data-retention-plans-of-digitally-illiterate-cabal/">political </a><a href="http://greens.org.au/node/5669">parties </a>alike. And they should.</p>
<p>The new measures remain shrouded in confusion—some of which is coming from its very <a href="http://www.abc.net.au/news/2014-08-07/brandis-explanation-adds-confusion-to-metadata-proposal/5654186">proponents</a>. There have been <a href="http://www.abc.net.au/news/2014-08-06/security-laws-abbott-browsing-history-not-collected/5652364">conflicting</a> <a href="http://www.news.com.au/technology/online/big-brother-is-watching-why-the-government-wants-to-keep-your-metadata/story-fnjwnfzw-1227014368716?from=public_rss">reports</a> about whether users' browser history would be hoovered up by the new surveillance laws. And in a now <a href="http://www.skynews.com.au/video/program_agenda/2014/08/06/agenda-security-laws-may-collect-metadata.html">infamous interview,</a> Attorney General George Brandis struggled to explain how retaining the addresses of websites visited was different than determining what content users were viewing. Prime Minster Tony Abbott also attempted and failed to make the same distinction two days later.</p>
<p>The government has <a href="http://www.theaustralian.com.au/national-affairs/government-seeks-to-clarify-data-retention-plans/story-fn59niix-1227015658281?nk=b43f114e78cf0d4628ca595981d79fd8">attempted to clarify</a>, emphasizing that the data retained would include the IP addresses of websites visited, as well as the times and durations of visits. Also included would be senders' and recipients' email addresses, IP addresses assigned to users, as well as details of phone calls such as caller and recipient numbers, caller location and duration.</p>
<p>This is still an extraordinary amount of information. And EFF has previously explained why <a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">metadata matters</a> at least as much as the content of communications. Users can take no solace in the fact that content is not being collected. As former National Security Agency General Counsel Stu Baker <a href="http://www.nybooks.com/blogs/nyrblog/2014/may/10/we-kill-people-based-metadata/?insrc=wbll">said</a>: “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” Metadata includes information like who your contacts are, where and when you go online, and websites that you may legally visit that might be politically subversive, iconoclastic, or simply your own private business. But as a <a href="https://cyberlaw.stanford.edu/blog/2013/11/what's-in-your-metadata">Stanford study</a> earlier this year demonstrated, it can also reveal “medical conditions, firearm ownership, and more.”</p>
<p>So how is the government spinning this? One rationale for data retention sometimes heard in this debate is that ISPs collect some of this metadata already anyway for technical and billing purposes. But this rationale falls short—under Australian privacy law they are not permitted to collect personal data that they do not need, nor are they permitted to retain it for longer than they need it for the purpose of collection. That would all change under this new proposal, which may help explain why ISPs are <a href="http://www.theguardian.com/world/2014/aug/06/metadata-telcos-confused-by-conflicting-messages-from-abbott-government">expressing concerns</a> and confusion about the potential mandate.</p>
<p>Although threatening, the proposal is not exactly new. Most recently it resurrects the subject of a 2012 <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/additional/discussion%20paper.pdf">discussion paper</a> that recommended that ISPs be required to maintain the metadata of users for two years. At the time, a member of the current government, who was then in opposition, likened proposals for data retention to <a href="http://www.abc.net.au/news/2012-09-05/data-retention-plan-likened-to-gestapo-tactics/4243402">Gestapo tactics</a>, and they were eventually dropped into the lead-up to the 2013 general election.</p>
<p>So if the proposals wouldn't fly in 2012 under the previous government, why now—particularly in light of leaked documents from Edward Snowden that show the role Australia has played in the NSA's invasive surveillance? The Prime Minister himself admits that the terrorist threat <a href="http://www.smh.com.au/federal-politics/political-news/tony-abbott-boosts-funding-by-630m-to-fight-homegrown-terrorism-20140805-3d6mx.html">has not changed</a>. Yet in a replay of the rushed <a href="https://www.eff.org/deeplinks/2014/07/dont-emulate-united-states-terrible-record-surveillance-oversight-britain">introduction of similar laws</a> in the United Kingdom last month, the new proposal could become law as soon as next month, before it has even been tabled for consideration of the Cabinet.</p>
<p>It appears the government is attempting to manipulate allegations of Australian citizens' involvement in terrorist activities overseas, to justify a much broader and more intrusive domestic surveillance regime. It's a cynical move, and one that the Australian public should not stand for.</p>
</div></div></div>Fri, 08 Aug 2014 20:49:45 +0000jmalcolm81735 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionDon't Emulate the United States' Terrible Surveillance Oversight, Britainhttps://www.eff.org/es/deeplinks/2014/07/dont-emulate-united-states-terrible-record-surveillance-oversight-britain
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>Update: As predicted, DRIP has already become law: it received royal assent on Thursday July 17, 2014.</em></p>
<p>The UK government is currently <a href="https://www.openrightsgroup.org/campaigns/no-emergency-stop-the-data-retention-stitch-up">forcing through Parliament</a> a wide-ranging set of changes to that country's digital surveillance and data retention law. The pace of the progression of the new amendments, called the <a href="http://www.publications.parliament.uk/pa/bills/lbill/2014-2015/0037/lbill_2014-20150037_en_1.htm">Digital Retention and Investigatory Powers Bill</a> (or "DRIP") has been astounding. Introduced without warning last Friday, if not opposed by peers in Britain's House of Lords, it looks like it may become law within the week.</p>
<p>Opponents of the bill are having to work as individuals, as the leadership of all the major parties support the bill, including Labour, the main opposition party, and governing coalition partners the Liberal Democrats, despite that party's historic reputation for defending civil liberties. The price for these parties' support appears to have been a handful of minor concessions to allow further oversight.</p>
<p>That price is far too low. The oversight proposals appear to be based on the United States' surveillance review mechanisms: a <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/330748/Independent_Privacy_and_Civil_Liberties_Board.pdf">privacy and civil liberties oversight board</a> modeled on the United State's board of the same name, and a sunset (expiry) date on the legislation. Both of these approaches have proven to be failures within the United States.</p>
<p>DRIP's sunset proposals are an echo of the same clauses in the United States' PATRIOT Act, where expansive wiretapping clauses written in the weeks after 9/11 were built to expire on December 31, 2005. Like DRIP, the sunset provisions were an attempt to mollify those concerned that the legislation was <a href="http://sunlightfoundation.com/blog/2009/03/02/congress-had-no-time-to-read-the-usa-patriot-act/">rushing through emergency measures</a> without due consideration. Thirteen years later, and four sunsets later, none of these temporary provisions have been substantially reformed, moderated or revoked. It seems to be a law of nature: just as the sun always rises after a sunset, so sunset clauses are always renewed.</p>
<p>If British members of parliament believe they will be given more scope from a future government to re-consider their decisions after a sunset period, they should ask themselves what will make the future different from today, when existing oversight bodies such as the UK's <a href="http://membersdataportal.digiminster.com/Debates/Lords/2014-07-16/5526#contribution-134412">Intelligence and Security Committee</a> and the <a href="http://www.parliament.uk/business/committees/committees-a-z/lords-select/constitution-committee/news/data-rentention-report/">House of Lords Constitution Committee</a> have been ignored.</p>
<p>The misadventures of the United States' Privacy and Civil Liberties Oversight Board are even less inspiring. Created in 2005 on the recommendation of the Senate 9-11 Commission, the PCLOB operated for barely a year before being caught between disputes between Congress and the Presidency. One of its members resigned over <a target="_self" href="https://thehill.com/blogs/pundits-blog/the-administration/34214-why-i-resigned-from-the-presidents-privacy-and-civil-liberties-oversight-board--and-where-we-go-from-here-">Whitehouse interference</a>. Between January 2008, and May 2013, the PLOB lacked members and was effectively non-existent. While the <a href="https://www.eff.org/deeplinks/2012/11/privacy-and-civil-liberties-oversight-board-meets-after-five-year-absence">newly-reformed</a> independent executive agency has subsequently been critical of the NSA's domestic surveillance program, this has largely been in response to the Snowden documents, and the impact of its reports has so far been limited.</p>
<p>True oversight means being time to consider the issues at length, and with technical and policy assistance. Britain is not the only country in Europe responding to the revocation of the Data Retention Directive. To avoid violating EU law again, its politicians should consult with other countries to develop a consistent and rights-friendly surveillance policy. Britain's PCLOB is so far based on a promise: it is not mentioned in DRIP bill, and has been given no statutory powers. An oversight body needs the right to subpoena, and the right of access to technical expertise. It should be a Parliamentary institution, not a board that reports to the Prime Minister. Better still, open judicial review of surveillance warrants should be introduced, rather than the secret and executive-driven model currently mandated by UK law.</p>
<p>As Labour Member of Parliament Tom Watson <a href="https://medium.com/@tom_watson/letter-to-ed-miliband-about-the-data-retention-and-investigatory-powers-bill-1707846770ee">notes</a>, the urgency ceded by Britain's opposition parties to DRIP's passage make little sense. The government claims that the law needs to be passed quickly to re-impose data retention on ISPs after the Europe-wide Data Retention Directive was revoked as a violation of European human rights by the EU's Court of Justice (CJEU). But the CJEU's decision was in April; any legal challenge to continuing data retention within the United Kingdom would take at least seven months to complete. Besides, the point of the CJEU's decision was that data retention requires <em>greater</em> oversight and better consideration of human rights, not less. To ram through a blunt data retention bill while postponing or evading the civil liberties consequences is exactly the opposite of the intent of that court.</p>
<p>At best, these rushed proposals simply buy the government more time for its unnecessary and disproportionate surveillance measures before they are eventually struck down once again by the European Courts. At worse, Britain is running blindly into an unsafe regime of mass data collection and analysis that we already know to be violations of European human rights law, with public oversight systems that has been proven by the United States to be woefully insufficient.</p>
</div></div></div>Wed, 16 Jul 2014 21:23:30 +0000danny81442 at https://www.eff.orgLegislative AnalysisMandatory Data RetentionVigilancia de Estado & Derechos HumanosData Retention Directive Invalid, says EU's Highest Courthttps://www.eff.org/es/deeplinks/2014/04/data-retention-violates-human-rights-says-eus-highest-court
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today the European Court of Justice declared the <a target="_blank" href="https://www.eff.org/issues/mandatory-data-retention">EU's Data Retention Directive</a> invalid, declaring that the <a href="https://www.eff.org/issues/mandatory-data-retention">mass collection of Internet data</a> in Europe entailed a "wide-ranging and particularly serious interference with the fundamental rights to respect for private life and to the protection of personal data." The Directive ordered European states to pass laws that obliged Internet intermediaries to log records on their users' activity, keep them for up to two years, and provide access to the police and security services. The ECJ joins the United Nations' <a href="http://tbinternet.ohchr.org/_layouts/treatybodyexternal/SessionDetails1.aspx?SessionID=625&amp;Lang=en">Human Rights Committee</a> which last month called upon the United States to refrain from imposing mandatory retention of data by third parties.</p>
<p>The decision is a victory for the <a href="http://history.edri.org/edrigram/number11.14/data-retention-hearing-ecj-2013">human rights activists</a> that have fought hard to have the original Europe-wide law—rushed through the European Parliament in 200—re-considered. <a href="http://www.digitalrights.ie/">Digital Rights Ireland</a>, who first launched a lawsuit against the Irish Government against their implementation of the Directive, and <a href="http://zeichnemit.at/">AK Vorrat Austria</a>, who <a href="https://www.eff.org/deeplinks/2012/04/austrian-activists-push-back-against-eu-data-retention-directive">organized</a> to reject data retention in Austria, both pursued the issue for many years in the face of concerted opposition from their own governments and officials.</p>
<p>While the decision comprehensively rejects the current directive, some states may put up a fight to keep their laws, while others could take this opportunity to become champions of their citizens' privacy. The Finnish Minister of Communications, Krista Kiuru, has already <a href="http://www.lvm.fi/tiedote/4395687/eu-tuomioistuin-totesi-tietojen-sailyttamista-koskevan-direktiivin-laittomaks">declared a full review of Finnish law</a> in the light of the decision, saying that "if [Finland] wants to be a model country in privacy issues, Finnish legislation has to respect fundamental rights and the rule of law." The German and Romanian data retention laws have already been declared unlawful by their national constitutional courts. Governments advocating retention, like the UK, <a href="http://cybermatron.blogspot.co.uk/2014/04/a-total-map-of-everyday-life-todays.html">may argue</a> that they can still maintain their existing data retention laws, or there may even be an attempt to introduce a whole new data retention directive that would attempt to comply with the ECJ's decision.</p>
<p align="JUSTIFY" lang="en-GB" xml:lang="en-GB">However the data retention regime unwinds in Europe, this decision sends an important signal to other countries in the world who are considered the same path as the EU. Brazil's online activists have been <a href="http://infojustice.org/archives/32527">fighting hard</a> to keep data retention out of their flagship Internet Bill of Rights, the Marco Civil. The law, which is about to be considered by the Brazilian Senate, would require ISPs to record personal data for one year, and other service providers log keep private information on their users for six months. New laws requiring mandatory data retention by companies in the United States have also been <a href="http://www.cnet.com/news/justice-department-seeks-mandatory-data-retention/">championed </a> by the Obama administration's Department of Justice, and have been <a href="http://www.nytimes.com/2014/03/25/us/obama-to-seek-nsa-curb-on-call-data.html">proposed by the Whitehouse as a "solution" to the NSA spying scandal</a>. As the ECJ's decision shows, the indiscriminate recording and storage of every aspect of innocent civilians' online lives is a travesty of human rights, no matter where that collected data is housed.</p>
</div></div></div>Tue, 08 Apr 2014 18:00:02 +0000danny79842 at https://www.eff.orgPolicy AnalysisInternationalMandatory Data RetentionThe Day We Fight Back: Poland Fights Back Against Unchecked Surveillancehttps://www.eff.org/es/node/78805
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr"><span>In 2013, we learned digital surveillance by the world’s governments </span><strong><span>knows no bounds</span></strong><span>. The NSA and other investigative agencies are capturing our phone calls, tracking our location, peering into our address books, and collecting our emails. They do this in secret, without adequate public oversight, and in violation of our human rights. We won’t stand for this anymore. On Tuesday February 11, the <a target="_blank" href="https://eff.org/tdwfb">world is fighting back</a>.<br /></span></p>
<p><span>In anticipation of the first united, worldwide action against mass spying, we asked <strong>Katarzyna Szymielewicz</strong>, co-founder and President of the digital rights organization, Panoptykon Foundation, a signatory to the <a href="https://en.necessaryandproportionate.org/take-action">13 Principles against mass surveillance</a>, to let the world know how her team is fighting back.</span></p>
<p dir="ltr"><strong><span>When it comes to surveillance, what’s the biggest problem in Poland right now?</span></strong></p>
<p dir="ltr"></p>
<p dir="ltr"><strong><span>Katarzyna Szymielewicz</span></strong><span>:</span><span> The Polish mandatory data retention law. When implementing the European law on data retention, which compels telecom service to retain metadata for certain period of time, Poland not only opted for the most privacy-intrusive solutions but in some respects went further than what is permitted by the European directive. The Europe-wide retention regime was introduced in order to increase availability of telecommunication data for the purposes of investigating and prosecuting serious crimes. Polish law goes further and allows for the use of data retention by law enforcement and nine (!) intelligence agencies in the performance of their "statutory duties", which covers the prosecution of minor crimes as well as crime prevention. </span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>As a result both law enforcement and the nine intelligence agencies can use telecommunication metadata almost without limitations and with no independent oversight. </span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>Because of this flawed legal framework, the official number of requests for telecommunication data in Poland is staggering: almost 2 million per year (versus hundreds of thousands in other EU member states). Worse, the research carried out by Panoptykon Foundation showed that even these official statistics cannot be relied on. </span></p>
<p dir="ltr"></p>
<p dir="ltr"><em><strong><span>Which are the pending battles that Panoptykon Foundation is fighting back?</span></strong></em></p>
<p dir="ltr"></p>
<p dir="ltr"><span><strong><span>Katarzyna Szymielewicz: </span></strong>The Panoptykon Foundation has been criticizing the Polish data retention law and calling for its revision since 2009. In 2011, the Polish Ombudsman brought a few cases to the Constitutional Tribunal, claiming that existing legal provisions are unconstitutional, particularly in their inadequate safeguards for citizens. Similar arguments and recommendations were made by the Supreme Audit Office in 2013. As a result the government has been required to revise the existing law and increase its checks and balances.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><em><strong><span>How bad Is the culture of secret surveillance in Poland?</span></strong></em></p>
<p dir="ltr"></p>
<p dir="ltr"><span><strong>Katarzyna Szymielewicz:</strong> Polish law does not provide for any reliable mechanism for verifying how many times and for what purposes public entities (law enforcement or any of the nine intelligence agencies) ask for citizens' personal data. This problem affects all types of data and all types of requests: metadata and content; telecommunication, electronic services, banking, and social security data. Public entities have no legal obligation to register their requests nor publish their numbers or other details. Only telecommunication operators are required to collect statistics showing how many times they were asked for their clients' personal information. However, our research showed that even these statistics cannot be relied on. It turned out that there is a significant discrepancy between the data collected by the operators and the staatistics the Panoptykon Foundation obtained directly from police and intelligence agencies via Freedom of Information Act requests. Almost every entity applies different methods of collecting and interpreting data.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>As far as the companies that offer internet services are concerned (like Google, Facebook and their Polish counterparts), there is no legal obligation to collect or publish any data on requests made by public entities. As a result we have no way to verify the scale of state surveillance (be that Polish or US) in the domain of internet services.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span></span><span>In 2013 Panoptykon Foundation <a href="http://panoptykon.org/sites/panoptykon.org/files/transparency_report_pl.pdf">published a report pointing</a> to the lack of transparency of public requests for private data and demanding legal changes.</span><span> </span></p>
<p dir="ltr"></p>
<p dir="ltr"><em><strong><span>States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance. Which is the current situation in Poland?</span></strong></em></p>
<p dir="ltr"></p>
<p dir="ltr"></p>
<p dir="ltr"><span><span><strong>Katarzyna Szymielewicz: </strong></span>Polish law does not provide for any independent oversight over intelligence agencies. Only internal control mechanisms are in place, which cannot be treated as independent. As a result there is no way to verify whether Polish intelligence services observe any existing legal safeguards (including cooperation and data exchange with foreign counterparts) other than through journalistic investigation or whistleblowing.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><em><strong><span>What do we know about the cooperation between Polish and the United States’ secret services?</span></strong></em></p>
<p dir="ltr"></p>
<p dir="ltr"><span><span><strong>Katarzyna Szymielewicz: </strong></span>Not much, for now. Together with the Helsinki Foundation for Human Rights and Amnesty International Poland, the Panoptykon Foundation filed FOIA requests concerning Polish involvement in US mass surveillance programs and international cooperation between security services.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><span>The three organisations wanted to know, among other things: whether Polish intelligence agencies cooperated with their US counterparts; whether any transfers of personal data were executed; and whether Polish agencies had access to PRISM or other surveillance programmes. Intelligence agencies and Polish government refused to answer these questions. </span></p>
<p dir="ltr"><span><br class="kix-line-break" />As a result, we are now going to take our demand for information to the Polish courts. It’s the next step in our “100 Questions” campaign, and one we’re taking on the Day We Fight Back.</span></p>
<p dir="ltr"></p>
<p dir="ltr"><a target="_blank" href="https://en.necessaryandproportionate.org/content/panoptykon-100-questions-about-prism%20%20http://www.theguardian.com/commentisfree/2013/oct/16/poles-­‐prism-­‐poland-­‐surveillance-­‐%20threat"><span>Read more about Poland’s "100 questions" campaign </span></a><a href="https://en.necessaryandproportionate.org/content/panoptykon-100-questions-about-prism"><span></span><span></span></a></p>
<p dir="ltr"><span></span></p>
</div></div></div>Mon, 10 Feb 2014 06:19:25 +0000katitza78805 at https://www.eff.orgCommentaryInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosPrivacyData Privacy Means Data Security (and not Data Retention)https://www.eff.org/es/deeplinks/2014/01/data-privacy-means-data-security-and-not-data-retention
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today is <a href="http://en.wikipedia.org/wiki/Data_Privacy_Day">Data Privacy Day</a> (also known as Data Protection Day), an international festival of our right to control our own personal information and to protect our communications from unchecked surveillance.</p>
<p>It's not been a great year for either belief. Since <a href="https://www.eff.org/deeplinks/2013/01/international-privacy-day-anti-surveillance-success-stories">last year's celebration</a>, the Snowden revelations have exposed how vulnerable private information is from unwarranted inspection by the surveillance state. At the same time, we've seen reports of <a href="http://www.npr.org/2014/01/21/264576000/hackers-go-phishing-in-the-wake-of-target-data-breach">incident</a> after <a href="http://www.pcworld.com/article/2090839/retailer-data-breach-trend-not-likely-to-end-soon.html">incident</a> of major privacy breaches at the hands of criminals from large companies. Our personal data seems less secure than ever.</p>
<p>Data Privacy Day is on January 28th in commemoration of the day the Council of Europe opened the snappily-titled "Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data" for signatures. The <a href="http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm">1985 convention</a> dedicates a separate section to the importance of data security, saying:</p>
<blockquote><p>Appropriate security measures shall be taken for the protection of personal data stored in automated data files against accidental or unauthorized destruction or accidental loss as well as against unauthorized access, alteration or dissemination.</p></blockquote>
<p>"Appropriate security measures" increasingly means defending personal data not just from cybercriminals and accidental disclosure, but from a menagerie of state actors using their own considerable powers of collection. That means that these days, a company that respects your privacy should be making efforts not just to encrypt data as it flows across the Net, but also lock down the same data when it is <a href="http://en.wikipedia.org/wiki/Data_at_Rest">at rest</a>.</p>
<p>It also means they should be considering whether they should collecting that data at all. The Convention speaks of ensuring data collection should be "not excessive" for its purpose. But whatever the purpose, the larger the data stockpile you build, the more vulnerable it becomes.</p>
<p>It's expensive and difficult to keep personal data private from adversaries like Russian and Chinese hackers or the NSA and GCHQ. And it gets worse, as companies hoard greater and greater amounts of unnecessary and intrusive information. Companies may insist they take steps to protect their users' data, but the best form of data security is simply not collecting that information in the first place.</p>
<p>Supporting Data Privacy is something that most people can get behind, and activists and corporations alike are today happy to highlight it as a goal. <a href="http://edri.org/">Europeans</a> have used the day to <a href="https://www.accessnow.org/page/-/docs/EU-Council-DP-Day-Letter_1.pdf">pointedly note</a> how delayed Europe's own <a href="http://protectmydata.eu/">data protection reforms</a> have been. The EU's Justice Commissioner, Viviane Reding, has responded with a <a href="http://europa.eu/rapid/press-release_MEMO-14-60_en.htm">lengthy memo</a> spelling out their intention to pursue data protection as a policy, including Europe's intention to push back against US spying.</p>
<p>The aftershocks of the Snowden revelations worldwide means 2014 will be the most promising opportunity for data privacy regulation and reform in years. But without understanding that data privacy means data security, those regulations will oversee an infrastructure too filled with holes to keep data really safe. We need to make sure that encryption works, and that our governments aren't creating insecure backholes in standards and software that will eliminate what protection we can provide.</p>
<p>We need to also make sure that politicians don't increase the vulnerability of our data by increasing the amount of data that is kept. Already, regulators have started framing "data retention", the compulsory storage of private data for far longer than is necessary, as <a href="http://www.slate.com/blogs/saletan/2014/01/21/nsa_phone_metadata_retention_if_you_don_t_trust_the_government_why_trust.html">the solution</a> to law enforcement and national security access to personal data. Data retention is the opposite of data protection. It raises the chances of the catastrophic loss of privacy, with no benefit for the people it endangers.</p>
<p>It's been a bad year for data protection. Perhaps 2014 is when we start fixing the data privacy problems that 2013 highlighted. It'll take more than one day, though, to ensure that those fixes don't make matters worse.</p>
</div></div></div>Tue, 28 Jan 2014 03:30:58 +0000danny78583 at https://www.eff.orgCommentaryInternational Privacy StandardsMandatory Data RetentionVigilancia de Estado & Derechos HumanosEncrypting the WebNSA SpyingMandatory Data Retention Defeated in Australia, For Nowhttps://www.eff.org/es/deeplinks/2013/06/mandatory-data-retention-defeated-australia-now
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>For the last few years, Australia’s security agencies have been <a href="https://www.eff.org/deeplinks/2012/11/why-data-retention-australian-government-hasnt-backed-its-argument">pushing</a> for the <a href="https://www.eff.org/issues/mandatory-data-retention">mandatory retention</a> of the communications data of every citizen. If implemented, this policy would require private companies to keep communications <a href="https://www.eff.org/deeplinks/2013/06/why-metadata-matters">metadata</a> of all customers for two years. Essentially, it treats every person as a criminal suspect. Yesterday, a parliamentary committee <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis%2Fnsl2012%2Freport.htm">issued a report</a> declining to recommend data retention and strongly criticizing the government for failing to adequately explain and justify its proposal. In the wake of the report, the governing Labor Party <a href="http://www.zdnet.com/au/australian-government-shelves-data-retention-plans-7000017183/">announced</a> it will not pursue data retention before the next election. So data retention in Australia has been defeated, for now.</p>
<p>The most recent push began last July, when the Attorney General’s Department <a href="https://www.eff.org/deeplinks/2012/07/australian-government-moves-expand-surveillance-powers">submitted a list of security proposals</a>, including data retention, to the Joint Parliamentary Committee on Intelligence and Security. The scheme met with <a href="http://www.itnews.com.au/News/313178,public-opposes-federal-data-retention-proposal.aspx">overwhelming public opposition</a>—98.9% of <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/subs.htm">public submissions</a> rejected data retention. Civil rights groups and individuals explained that the scheme sacrifices the privacy of all citizens. Contrary to the government’s claims, collecting metadata is highly intrusive as it <a href="http://www.cato.org/blog/why-nsa-collecting-phone-records-problem">reveals the most intimate connections</a> between persons. In addition, the scheme would create a <a href="http://necessaryandproportionate.net" target="_blank">huge trove of data</a> vulnerable to hacking while imposing significant costs on private companies dragooned to act as the government’s spies.</p>
<p>The government failed to rebut these objections. In a <a href="http://www.crikey.com.au/2013/02/14/banality-of-evil-new-documents-lift-the-veil-on-data-retention/">ham-fisted attempt to avoid criticism</a>, the Attorney General’s Department initially refused to provide concrete details about its data retention scheme. The committee strongly criticized this lack of transparency:</p>
<blockquote><p>[T]he Committee was very disconcerted to find, once it commenced its Inquiry, that the Attorney-General’s Department had much more detailed information on the topic of data retention. Departmental work, including discussions with stakeholders, had been undertaken previously. Details of this work had to be drawn from witnesses representing the [department].</p></blockquote>
<p>Journalist Bernard Keane <a href="https://twitter.com/BernardKeane/status/348994308994650112">tweeted</a> that he’d “never seen a government-controlled committee give a kicking to a department” like this report did. In addition to <a href="http://www.scmagazine.com.au/News/347815,senate-committee-slams-data-retention-plans.aspx">slamming the department</a> for hiding the ball, the committee acknowledged public concern about privacy:</p>
<blockquote><p>[A] mandatory data retention regime raises fundamental privacy issues, and is arguably a significant extension of the power of the state over the citizen. No such regime should be enacted unless those privacy and civil liberties concerns are sufficiently addressed.</p></blockquote>
<p>The committee punted on the ultimate issue. It wrote that there was “a diversity of views within the Committee” as to the merits of a data retention regime and said it was “ultimately a decision for Government.” With an election scheduled for later this year, the governing Labor Party announced that it is dropping the unpopular scheme.</p>
<p>Green Party Senator Scott Ludlam cautioned that, even with the defeat of this proposal, Australia’s security agencies might achieve the same result by other means. He warned that, in light of the recent <a href="https://www.eff.org/nsa-spying">NSA Spying</a> news, agencies may bypass domestic due process though the “wholesale importing of content and non-content data from colleagues in the U.S.” We need greater oversight of the security establishment to ensure that international cooperative agreements are not enabling the evasion of domestic legal restrictions.</p>
<p>Senator Ludlam also <a href="http://www.scmagazine.com.au/News/347815,senate-committee-slams-data-retention-plans.aspx">predicted</a> that, regardless of who wins the next election, the data retention plan will be back. Security agencies will not abandon their campaign to treat every person like a criminal suspect. Privacy advocates in Australia and around the world need to keep up the fight.</p>
</div></div></div>Tue, 25 Jun 2013 05:59:43 +0000daniel74743 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosPrivacySpying on the World From Domestic Soil: International Backlashhttps://www.eff.org/es/deeplinks/2013/06/spying-world-domestic-soil
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p class="normal"><i class="eff-grey">This is the 5th article of our </i><a class="eff-grey" href="https://www.eff.org/deeplinks/2013/06/spy-without-borders" target="_blank"><em></em></a><i class="eff-grey"><a href="https://www.eff.org/deeplinks/2013/06/spy-without-borders" target="_blank">Spies Without Borders</a></i><i class="eff-grey"> series. </i><a class="eff-grey" href="https://www.eff.org/deeplinks/2013/06/spy-without-borders" target="_blank"><em>The </em></a><i class="eff-grey">series</i><i class="eff-grey"> are</i><i class="eff-grey"> looking into how the information disclosed in the NSA leaks affect</i><i class="eff-grey"> </i><i>I</i><i class="eff-grey">nternet users around the world whose private information is stored in U.S. servers, or whose data travels across U.S. networks. </i><i> </i></p>
<p class="normal">The world is still reeling from the series of revelations about NSA and FBI surveillance. Over the past two weeks the emerging details paint a picture of pervasive, crossborder spying programs of unprecedented reach and scope: the U.S. <a href="https://www.eff.org/deeplinks/2013/06/spy-without-borders">has now admitted</a> using domestic networks to spy on Internet users both domestically and worldwide. The people now know that foreign intelligence can spy on their communications if they travel through U.S. networks or are stored in U.S. servers. </p>
<p class="normal">While <a href="https://www.eff.org/deeplinks/2013/06/world-us-congress-im-not-american-i-have-privacy-rights">international</a> <a href="https://netzpolitik.org/2013/yes-we-scan-privacy-activists-protest-against-prism-and-nsa-surveillance-as-president-obama-arrives-in-berlin">public outrage</a> has justifiably decried the <a href="http://globalnews.ca/news/624105/u-s-prism-surveillance-program-puts-canadas-privacy-czar-on-alert/">scope and reach</a> of these revelations, <i>carte blanche</i> foreign intelligence surveillance powers over foreigners are far from new. In the U.S., foreign intelligence has always had nearly limitless legal capacity to surveil foreigners because domestic laws and protections simply don't reach that surveillance activity.</p>
<p class="normal">This legal framework, <a href="https://www.eff.org/deeplinks/2013/06/modern-foreign-surveillance-legal-perspective">with no protection for foreigners and little oversight besides</a>, has been exacerbated by the growth in individuals now living their lives online, who conduct their most intimate communications in cloud services that are hosted in the U.S. and across different jurisdictions. To make matters worse, the vast amount of Internet traffic globally is routed through the U.S. Last but not least, logistical barriers to powerful, mass surveillance have lowered and the application of <a href="http://necessaryandproportionate.net/">existing legal principles</a> in new technological contexts has become unclear and shrouded in secrecy, especially in a extra-territorial surveillance context. The <a href="https://www.eff.org/deeplinks/2013/06/foreign-surveillance-history-privacy-erosions">US government’s FISA powers</a>, which in 2008 opened the door to broad surveillance of communications where one side is a U.S. citizen and the other side is a foreigner, represent just an example of an increasing state capacity to conduct nearly limitless invasive <a href="https://www.eff.org/deeplinks/2013/06/spies-without-borders-i-using-domestic-networks-spy-world">extra-territorial surveillance from domestic soil</a>.</p>
<p class="normal"><b>International Backlash</b></p>
<p class="normal">On June 18, Germans rallied at a well-known Berlin Wall crossing point called Checkpoint Charlie. Under the motto: “<a href="https://netzpolitik.org/2013/yes-we-scan-privacy-activists-protest-against-prism-and-nsa-surveillance-as-president-obama-arrives-in-berlin/">Yes We Scan!</a>” German activists protested against PRISM and NSA surveillance in response to President <a href="http://www.washingtonpost.com/world/europe/germanys-merkel-to-raise-nsa-surveillance-programs-with-obama-during-visit-next-week/2013/06/10/ee3e4b6a-d1bc-11e2-9577-df9f1c3348f5_story_1.html">Barack Obama’s Berlin visit</a> scheduled next Wednesday. Pictures of the rally show protest signs claiming that the Obama administration has become “Stasi 2.0” with the quote “All your data belong to us”.</p>
<p class="normal"><img src="https://www.eff.org/files/images_insert/germany.jpg" alt="" class="image-left" height="146" width="219" />The Stasi 2.0 campaign was originally designed in 2007 to fight Germany’s <a href="https://www.eff.org/issues/mandatory-data-retention/germany">mandatory data-retention law</a>, a law implementing an EU Directive that force ISPs and telecom providers to continuously collect and store records documenting the online activities of millions of ordinary Europeans. Roughly 34,000 citizens filed a lawsuit against the mandatory data retention in protest. The campaign was successful and in March 2010<b> </b>a German court <a href="http://www.edri.org/edrigram/number8.5/german-decision-data-retention-unconstitutional">declared</a> the law unconstitutional and ordered the deletion of the collected data. Now, the Stasi 2.0 campaign has shifted focus on calling upon their government to protect them against overreach scope of NSA foreign surveillance practices, Sandra Mamitzsch from <a href="https://digitalegesellschaft.de/2013/06/yes-we-scan-kundgebung-am-checkpoint-charlie/">Digitale Gesellschaft</a> told EFF.</p>
<p class="normal">Germany has also increased its capacity to conduct sweeping and invasive extra-territorial surveillance from its domestic soil. <a href="https://www.eff.org/deeplinks/2013/06/spies-without-borders-i-using-domestic-networks-spy-world">As we noted</a>, the German government has leveraged its ability to remotely compromise computer systems in order to spy on its citizens. The government has used <a href="http://www.edri.org/edrigram/number11.2/germany-finfisher-spyware">commercial malware</a> to hack private data. While there has been no confirmation that Germany is deploying these investigative techniques against persons outside German territories, extra-territorial surveillance is feasible because infection occurs via email and other Internet transmissions.</p>
<p class="normal">Campaigns against the NSA spying overreach are now being planned for July 6 all around Australia. Australians can get involved here: <a href="http://ourprivacy.org.au/">http://ourprivacy.org.au/</a></p>
<p>Micheal Vonn, policy director at the B.C. Civil Liberties Association in Canada, <a href="http://globalnews.ca/news/624105/u-s-prism-surveillance-program-puts-canadas-privacy-czar-on-alert/">told to the Global News in Canada</a>: “[w]e fully intend to get some pointed questions to the Canadian government about knowledge, complicity, alliance with this program. And whether, in fact, very, very quietly, the Canadian security establishment has been harvesting the fruits of this program for some time.”</p>
<p class="normal">EFF <a href="https://www.eff.org/deeplinks/2013/06/international-customers-its-time-call-us-internet-companies-demand-accountability" target="_blank">is demanding Internet companies</a> to join our cause and protect the privacy of their international customers calling on Congress to create a committee to uncover the truth about the alarming NSA allegations. <a href="https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9297">You can take action here</a>. Current foreign intelligence surveillance targetting foreigners must be challenged to ensure strong human rights safeguards, transparency and accountability across the world. A global dialogue on extra-territorial foreign intelligence surveillance among all nations is much needed.</p>
<p class="MsoNormal">EFF will continue blogging about the impact of the NSA leaks on Internet users abroad in our <a href="https://www.eff.org/deeplinks/2013/06/spy-without-borders">Spies Without Borders</a> series. Next, we will publish an article from <span>Korea University Law School Professor, Kyung Sin (“K.S.”) Park, Open Net, South Korea to provide his views on the current controversy.</span></p>
<p class="normal"><em>Image: </em><a href="https://digitalegesellschaft.de/2013/06/yes-we-scan-kundgebung-am-checkpoint-charlie/">Digitale Gesellschaft</a><em>, licensed under a </em><em>Creative Commons BY SA 3.0 license.<br /></em></p>
</div></div></div>Sat, 22 Jun 2013 00:09:29 +0000katitza74645 at https://www.eff.orgCall To ActionInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosPrivacyNSA SpyingReform to Update Online Privacy Law Continues to Move Forward: Today, a Hearing in the House and Movement in the Senatehttps://www.eff.org/es/deeplinks/2013/03/ecpa-reform-continues-move-forward-today-hearing-house-and-movement-senate
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Today was the <a target="_self" href="http://judiciary.house.gov/hearings/113th/hear_03192013_2.html">first hearing</a> in what many of us hope will be a successful update to the archaic <a target="_self" href="https://ilt.eff.org/index.php/Privacy:_Stored_Communications_Act">Electronic Communications and Privacy Act</a> in this year's Congress. The law, written in 1986, allows the government to argue that private online messages older than 180 days are not protected by the Fourth Amendment and that the government can access the messages without a warrant. EFF, along with the <a target="_self" href="http://digitaldueprocess.org/">Digital Due Process</a> coalition has been pushing for the past few years to update the law. Shortly after the hearing in the House, Senators Leahy and Lee introduced final language to reform ECPA in the Senate. With Rep. <a target="_self" href="https://www.eff.org/deeplinks/2013/03/new-bill-would-ensure-law-enforcement-get-warrant-reading-email">Lofgren's language</a>, there is now language to update ECPA in both houses of Congress. Help us update ECPA by <a target="_self" href="https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8225">telling your Congressmen</a> to support reform.</p>
<p>In the hearing, the Department of Justice (DOJ) finally conceded that users have a reasonable expectation of privacy in email older than 180 days. Of course, users have known this for years. But up until now, ECPA has allowed the DOJ to argue otherwise. The argument was stopped, but only in the Sixth Circuit, after the court ruled in US v. Warshak that the 180 day rule, as written, is unconstitutional. Now, after years of legal battles—in which we are a lively member—the DOJ has finally conceded an important impediment to ECPA reform.</p>
<p>Despite agreeing that users have a reasonable expectation of privacy in emails older than 180 days, the DOJ was adamant that federal civil agencies must have a new exception to ECPA to bypass any warrant requirements in civil cases. This exception defeats the principles behind why we're fighting to reform ECPA. And it's just another way for DOJ to ignore fundamental constitutional rights.</p>
<p>The hearing also witnessed some surprise testimony by Richard Littlehale, a Tennessee state investigator who works for what is essentially Tennessee's state-equivalent of the FBI. Littlehale was adamant about ensuring a <a target="_self" href="https://www.eff.org/issues/mandatory-data-retention">mandatory data retention requirement</a> in any update to ECPA. Since 2011, Subcommittee Chairman Sensenbrenner has been <a target="_self" href="http://www.huffingtonpost.com/leslie-harris/ip-address-law_b_896439.html">adamently opposed</a> to a data retention bill. Unfortunately, Littlehale's testimony was littered with erroneous conflations. For starters, ECPA reform is about clarifying—and ensuring—the protections already granted to users by the Constitution. Data retention requirements have no place in such reforms.</p>
<p>On the other side of the Capitol, in the Senate, we're excited to see the introduction of language by Senators Leahy and Lee to reform ECPA. The bills in the House and Senate follow up on the legislative success of last Congress, where the Senate Judiciary Committee voted in favor of ECPA reform. These actions are encouraging signs that ECPA reform will move forward in Congress.</p>
<p>We're glad to see ECPA reform robustly moving. And with your help, Congress is taking notice of the courts and of users' opinions. The House hearing was only a first step. With bills in both houses of Congress the future of ECPA reform is bright. Users should be guaranteed the same rights in their virtual lives as they are in their physical lives. We look forward to a Senate hearing on ECPA reform and eventually a vote in Congress to update the sorely outdated privacy law.</p>
</div></div></div><div class="field field--name-field-related-cases field--type-node-reference field--label-above"><div class="field__label">Related Cases:&nbsp;</div><div class="field__items"><div class="field__item even"><a href="/es/cases/warshak-v-usa">Warshak v. USA</a></div></div></div>Tue, 19 Mar 2013 23:36:26 +0000jaycox73573 at https://www.eff.orgNews UpdateMandatory Data Retention2012 in Review: State Surveillance Around the Globehttps://www.eff.org/es/node/72946
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><i>As the year draws to a close, EFF looks back at the major trends influencing digital rights in 2012 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click </i><a href="https://eff.org/deeplinks/2012/12/2012-review-year-digital-freedom"><i>here</i></a><i> to read other blog posts in this series.</i></p>
<p>All things considered, 2012 was a terrible year for online privacy against government surveillance. How bad was it? States around the world are demanding private data in ever-greater volumes—and getting it. They are recognizing the treasure troves of personal information created by modern communications technologies of all sorts, and pursuing ever easier, quicker, and more comprehensive access to our data. They are obtaining detailed logs of our entire lives online, and they are doing so under <a target="_blank" href="https://www.eff.org/document/cloudy-jurisdiction-addressing-thirst-cloud-data-domestic-legal-processes">weaker legal standards</a> than ever before. Several laws and proposals now afford many states warrantless snooping powers and nearly limitless data collection capabilities. These practices remain shrouded in secrecy, despite some private companies’ attempts to shine a light on the alarming measures states are taking around the world to obtain information about users.</p>
<p><span></span> To challenge the sweeping invasions into individuals’ personal lives, we’re calling on governments to ensure <a href="http://necessaryandproportionate.org/">their surveillance policies and practices</a> are consistent with international human rights standards. We’re also demanding that governments and companies become more transparent about their use of the Internet in state surveillance. </p>
<p><b>Signs of Growing International Surveillance in 2012<br /></b></p>
<ul><li>A <a href="http://www.planalto.gov.br/ccivil_03/_Ato2011-2014/2012/Lei/L12683.htm">new law in Brazil</a> allows police and public prosecutors to demand user registration data from ISPs directly, via a simple request, with no court order, in criminal investigations involving money laundering. And, a <a href="http://www.camara.gov.br/proposicoesWeb/prop_mostrarintegra?codteor=1036641&amp;filename=PL+4666/2012">new bill</a> seeks to allow the Federal Police to demand registration data of Internet users in cases of crimes without the need of a court order nor judicial oversight.</li>
</ul><ul><li>Colombia adopted a new <a href="https://www.eff.org/deeplinks/2012/12/cultures-secrecy-colombia-adopts-mandatory-backdoor-and-data-retention-mandates">decree</a> that compels ISPs to create backdoors that would make it easier for law enforcement to spy on Colombians. The law also forces ISPs and telecom providers to continuously collect and store for five years the location and subscriber information of millions of ordinary Colombian users.</li>
</ul><ul><li href="http://gaceta.diputados.gob.mx/Gaceta/Votaciones/61/tabla3or2-34.php3">Leaked documents revealed that the <a target="_blank" href="https://www.eff.org/deeplinks/2012/07/mexicans-need-transparency-secret-surveillance-contracts">Mexican government</a> shelled out $355 million to expand Mexican domestic surveillance equipment over the past year.</li>
</ul><ul><li href="http://gaceta.diputados.gob.mx/Gaceta/Votaciones/61/tabla3or2-34.php3"><span> The Canadian government put proposed <a target="_blank" href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues">online surveillance legislation</a> temporarily "</span><a target="_blank" href="http://www.theglobeandmail.com/news/politics/ottawa-hits-pause-on-web-surveillance-act/article2349818/"><span>on pause</span></a><span>" following sustained</span><span> </span><a target="_blank" href="https://www.eff.org/deeplinks/2012/02/keep-pressure-canadian-online-surveillance-bill-pause-fight-continues"><span>public outrage</span></a><span> generated by the bill. </span><span>The bill introduces new police powers that would allow authorities easy access to Canadians’ online activities, including the power to force ISPs to hand over private customer data without a warrant. </span></li>
</ul><ul><li>The EU’s overarching data retention directive <a href="https://www.eff.org/issues/mandatory-data-retention">has become</a> a dangerous model for other countries, despite the fact that several European Courts <a target="_blank" href="https://www.eff.org/issues/mandatory-data-retention">have declared</a> several national data retention laws unconstitutional.</li>
</ul><ul><li>Romania went ahead with adopting a <a href="http://www.edri.org/edrigram/number10.10/romanian-parliament-adopts-data-retention-law-again">new data retention mandate law</a> without any real evidence or debate over the right to privacy, despite the 2009 Constitutional Court ruling declaring the previous data retention law unconstitutional.</li>
</ul><ul><li href="http://www.edri.org/edrigram/number10.20/details-german--state-spyware-Staatstrojaner">The German government is proposing <a href="http://www.edri.org/edrigram/number10.23/germany-extended-tracking-internet-users">a new law</a> that would allow law enforcement and intelligence agencies to extensively identify Internet users, without any court order or reasonable suspicion of a crime. This year, more details were found on <a href="http://www.edri.org/edrigram/number10.20/details-german--state-spyware-Staatstrojaner">German State Trojan Program</a> to spy on and monitor Skype, Gmail, Hotmail, Facebook and other online communications.</li>
</ul><ul><li>The UK government was considering <a target="_blank" href="http://www.edri.org/edrigram/number10.7/uk-new-surveillance-measures">a draft Communications Data Bill</a> that would extend the police’s access to individuals' email and social media traffic data. The UK ISPs will be compelled to gather the data and allow the UK police and security services to scrutinize it. On December, the UK Parliament Committee <a target="_blank" href="http://www.bigbrotherwatch.org.uk/home/2012/12/committee-says-no-to-draft-communications-data-bill.html">made clear</a> that the draft Bill is unacceptable in its current form, and "<a target="_blank" href="http://www.bigbrotherwatch.org.uk/home/2012/12/committee-says-no-to-draft-communications-data-bill.html">tinkering around the edges</a>" is not good enough. The bill is back to the drawing board for the Home Office.</li>
</ul><ul><li>A Dutch proposal seeks to <a href="https://www.eff.org/deeplinks/2012/10/dutch-government-proposes-cyberattacks-against-everyone">allow</a> the police to break into foreign computers and search and delete data. If the location of a particular computer cannot be determined, the Dutch police would be able to break into it without ever contacting foreign authorities. Another <a target="_blank" href="http://www.edri.org/edrigram/number10.23/forces-decryption-legislation-netherlands">Dutch proposal</a> seeks to allow the police to force a suspect to decrypt information that is under investigation in a case of terrorism or sexual abuse of children.</li>
</ul><ul><li>In Russia, several new legal frameworks or proposed bills <a href="http://www.edri.org/edrigram/number10.21/internet-surveillance-russia">enable</a> increased state surveillance of the Internet.</li>
</ul><ul><li>Australian law enforcement and intelligence agencies have continued to advance <a target="_blank" href="https://www.eff.org/deeplinks/2012/11/why-data-retention-australian-government-hasnt-backed-its-argument">the false idea</a> of the need for data retention mandates, mandatory backdoors for cloud computing services and the creation of a new crime for refusing to aid law enforcement in the decryption of communications.</li>
</ul><ul><li>A controversy arose in Lebanon over revelations that the country's Internal Security Forces (ISF) demanded the content of all SMS text messages sent between September 13 and November 10 of this year, <a href="http://english.al-akhbar.com/content/lebanon-security-forces-give-us-your-facebook-password">as well as usernames and passwords</a> for services like Blackberry Messenger and Facebook.</li>
</ul><ul><li>The Rwandan Parliament <a target="_blank" href="https://www.privacyinternational.org/blog/rwandan-government-expands-stranglehold-on-privacy-and-free-expression">is discussing a bill</a> that will grant the police, army and intelligence services the power to listen to and read private communications in order to protect "public security", the keyword often invoked to justify unnecessary human rights violations.</li>
</ul><ul><li>Pakistan adopted a <a href="http://digitalrightsfoundation.pk/fair-trial-act-official-intrusion-on-privacy/">Fair Trial Bill</a> authorizing the state to intercept private communications to thwart acts of terrorism. No legal safeguards <a target="_blank" href="http://tribune.com.pk/story/482569/big-brother-inc/">have been built</a> in to prevent abuse of power and the word "terrorism" has been poorly defined (a word that's often invoked to justify unnecessary human rights violations).</li>
</ul><ul><li><span>RIM announced that <a target="_blank" href="http://articles.economictimes.indiatimes.com/2012-08-02/news/33001399_1_blackberry-enterprise-encryption-keys-corporate-emails">they had provided</a> the Indian Government with a solution to intercept messages and emails exchanged via BlackBerry handsets. </span>The encrypted<span> communications will now be available to Indian intelligence agencies.<br /></span></li>
</ul><ul><li><span>The </span>Indian government <a target="_blank" href="http://articles.economictimes.indiatimes.com/2012-06-14/news/32235784_1_natgrid-national-intelligence-grid-visa-and-immigration-records">approved</a> the purchase of technological equipment to kickstart the National Intelligence Grid (NATGRID)—a project that seeks to link databases for ready access by intelligence agencies. The project is expected to facilitate "robust information sharing" by security and law enforcement agencies to combat terror threats.</li>
</ul><ul></ul><p><b>Moving Forward</b></p>
<p>EFF's international team and a coalition of civil society organizations around the world <a href="http://necessaryandproportionate.org/">have drafted a set of principles</a> that can be used by civil society, governments and industry to evaluate whether state surveillance laws and practices are consistent with human rights. In 2013, we will <a target="_blank" href="https://www.eff.org/issues/surveillance-human-rights">continue demanding</a> that states adopt stronger legal protections if they want to track our cell phones, or see what web sites we’ve visited, or rummage through our Hotmail, or read our private messages on Facebook, or otherwise invade our electronic privacy. EFF <a target="_blank" href="http://wiki.surveillancehumanrights.org/Rights_Camp_Brazil">will keep working collaboratively</a> with advocates, lawyers, journalists, bloggers and security experts on the ground to fight overbroad surveillance laws. Our work will involve existing legislative initiatives, international fora, and other regional venues where we can have a meaningful impact on establishing stronger legal protections against government access to people’s electronic communications and data.</p>
</div></div></div>Mon, 31 Dec 2012 16:24:31 +0000katitza72946 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosPrivacyColombia Adopts Mandatory Backdoor and Data Retention Mandateshttps://www.eff.org/es/deeplinks/2012/12/cultures-secrecy-colombia-adopts-mandatory-backdoor-and-data-retention-mandates
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>It seems like only yesterday that the Colombian government misused United States’ <a href="http://www.aljazeera.com/indepth/opinion/2012/05/2012514135631527464.html">aid to spy on political opponents and human rights activists</a>. Back in 2009, the "Las Chuzadas" scandal surrounding former Colombian President Alvaro Uribe landed former head of the intelligence agency Jorge Noguera in jail for 25 years for targeting political activists and collaborating with paramilitary death squads. This, and other various surveillance scandals, ultimately led to the dissolution of the Colombian intelligence agency.</p>
<p>But despite this history of human rights abuses, the Colombian Ministry of Justice and Technology has issued a decree that will further undermine the privacy rights of law-abiding Colombians.</p>
<h3>Surveillance By Design: Backdoor Mandates</h3>
<p>On August 15, <a href="https://www.eff.org/pages/mapping-laws-government-access-citizens-data-colombia">the Colombian Ministry of Justice and Technology issued Decree 1704 </a>to compel Telecommunication Service Providers—including Internet service providers (ISPs)—to create backdoors that would make it easier for law enforcement to spy on Colombians.</p>
<p>The Decree claimed that the backdoor mandates provides “a public security mechanism” that seeks “to optimize” the investigation of crimes. However, mandatory back doors pose serious security risks. These security risks can be exploited by criminals as was the case in Greece, where <a href="https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005">unknown crackers broke into a Greek telephone network</a> and subverted its built-in wiretapping features to intercept the communications of high-ranking Greek government officials, including the Prime Minister.</p>
<p>It's important to remember that backdoor mandates do not regulate whether a prosecutor can intercept communications from new technologies at all, but only whether they can tap them instantaneously through specially-designed wiretap-friendly networks, and, whether such wiretapping can be done independently of which programs or protocols are being used to communicate. An existing amendment to the Colombian Constitution already permits Colombian prosecutors to place Internet users under surveillance without a court warrant subject only to a later judicial review.</p>
<p>A backdoor obligation to “surveillance by design” also impedes innovation by constraining the number of options available to those who are developing Internet and mobile services. The costs of such an endeavour are not trivial, and it isn’t clear who will bear the cost of the upgrades. While major ISPs may be able to bear such additional costs, smaller ISPs will be exposed to disproportionately high costs <a href="http://www.winnipegfreepress.com/canada/cost-of-surveillance-bill-concerns-providers-say-customers-may-pay-more-139470623.html">without any clear benefit</a>. Perhaps most troubling is the open-ended technical neutrality of this “surveillance by design” mandate: it is not clear precisely what surveillance capacity, or what type of equipment, will be imposed upon service providers, as surveillance technologies are constantly evolving.</p>
<h3>Data Retention Mandates</h3>
<p>This Decree also forces ISPs and telecom providers in Colombia to continuously collect and store records for five years documenting the online location and subscriber information of millions of ordinary users in Colombia. This mandate will expand Colombia’s ability to surveil its citizens, ultimately damaging individual privacy, anonymity, and free expression. Most ISPs and telcos in Colombia currently give subscribers a dynamic IP address that changes periodically, but this mandatory data retention obligation will force Colombian ISPs and telecom providers to keep records of all of their IP address allocations to allow law enforcement to more easily identify a particular individual. This data will be available to the prosecutor or “any competent authority”.</p>
<p>EFF is alarmed at the path Colombia is taking. The Colombian government has failed to develop surveillance frameworks consistent with international human rights standards and consistently displayed its contempt for the communication privacy rights of its citizens. Such a policy, particularly in light of innovations in surveillance techniques, jeopardizes the freedoms of all law-abiding Colombians. EFF, together with other international watchdogs, are demanding that governments around the world establish stronger protections as required by their <a href="http://necessaryandproportionate.org/">constitutions and human rights obligations</a>.</p>
</div></div></div>Tue, 18 Dec 2012 04:24:35 +0000katitza72881 at https://www.eff.orgInternationalMandatory Data RetentionVigilancia de Estado & Derechos HumanosWhy Data Retention? Australian Government Hasn't Backed Up Its Argumenthttps://www.eff.org/es/deeplinks/2012/11/why-data-retention-australian-government-hasnt-backed-its-argument
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>Australian law enforcement and intelligence agencies are repeatedly pushing the idea that they’ve been rendered helpless by the explosion of new communications technologies. The argument that wiretapping laws should undergo “modernization” to match today’s communications technologies has been used to justify a package of legislative amendments that would broaden online surveillance powers. The most controversial aspect of this proposal is a mandatory data retention framework, which would require blanket storage of all Australians’ communications data for up to two full years.</p>
<p>Despite the oft-repeated narrative that there is an urgent need for this new set of wiretapping capabilities, a recently published <a href="http://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentary_Library/pubs/BN/2012-2013/DataRetention">official overview</a> points out that the government has offered very little in the way of concrete evidence to back up this claim.</p>
<p>“Neither the Government nor any of the law enforcement and security agencies appear to have attempted to quantify the problem they claim exists,” according to the background note prepared by the Parliamentary Library, which produces independent evaluations of proposed legislation to support the work of the Australian Parliament. The briefing goes on to note that the government has offered “no real evidence to suggest that it has experienced any problems accessing communications data when it has needed to.”</p>
<p>Still, Australian Security Intelligence Organisation (ASIO) chief David Irvine reiterated the claim in a <a href="http://www.abc.net.au/radionational/programs/backgroundbriefing/2012-10-21/4316150">recent interview</a> on <i>Background Briefing,</i> a national radio program. “Once upon a time, interception was very easy: one telephone to another telephone,” Irvine said. “Today there are hundreds of different ways of communicating electronically and the law does not cater for those ways in the way it should.”</p>
<p>Far from being merely an upgrade to existing laws to keep pace with technology, the proposed data retention framework would open the door to mass surveillance of digital communications. It would require communications service providers to store communications data, which can include subscribers’ registration details, time and duration of communications, phone numbers or email addresses of the sender and recipient, and location information. The data would be held for up to two years and made available for disclosure to law enforcement upon request.</p>
<p>While proponents have been quick to point out that agencies wouldn’t be readily granted access to the content of communications under this framework, there are cases – such as headers in the subject line of an email – where those distinctions can blur. And as German Green Party representative and privacy activist Malte Spitz <a href="https://www.eff.org/deeplinks/2011/03/what-location-tracking-looks">demonstrated</a> with a visualization of the cell phone locational data his mobile provider collected about him over six months, location information alone is enough to yield a portrait of an individuals’ daily routine in granular detail.</p>
<p>It's also tough to distinguish between content and communications data when it comes to logs of web-browsing activity. Last week, a representative from the Australian Attorney General’s Department stated during a Parliamentary hearing that the data retention proposal might be altered to exclude web-browsing history – “in a move to allay public outrage,” according to a <a href="http://www.zdnet.com/au/aust-mps-seek-url-ban-in-data-retention-proposal-7000006791/">recent news report</a>.</p>
<blockquote><p>When questioned about whether URLs are included, [Attorney General representative Roger Wilkins] said … URLs would be classified as content data and would require a warrant in order to be obtained by law enforcement. He said that the metadata definition could be altered to state that explicitly.</p></blockquote>
<p>While Irvine, the head of ASIO, told the host of <i>Background Briefing</i> that the data retention proposal “doesn’t impinge any further on people’s privacy,” a wide array of civil liberties and political organizations are mounting opposition due to concerns about the dramatic privacy implications of the proposal.</p>
<p>The radio segment also featured an interview with Electronic Frontiers Australia (EFA). “As Australians we’re really lucky we’ve never really had to deal with these sorts of issues, so I don’t think we understand what’s at stake here,” EFA's Jon Lawrence told the program’s host, Di Martin. “We are potentially sleepwalking into a mass surveillance state.”</p>
<p>He noted that Australia appears to be emulating the <a href="https://www.eff.org/issues/mandatory-data-retention/eu">European Union Data Retention Directive</a>, a policy framework that has attracted intense controversy, for its own national law. Opponents have decried the directive as incompatible with the values of a free society, and courts in Germany and elsewhere have rejected it as unconstitutional.</p>
<p>Philip Boulten is an attorney and member of Australia’s Law Council, which drafted a detailed <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/subs/sub%20224.pdf">submission</a> on the surveillance proposal. “This is an attempt to get every extra conceivable way of spying on somebody,” Boulten warned when he was featured on the radio show. “There is no other way that anyone could actually come up with to allow this, except to allow ASIO to actually sit in somebody’s bedroom fulltime.”</p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
</div></div></div>Thu, 08 Nov 2012 04:42:24 +0000rbowe72271 at https://www.eff.orgNews UpdateInternationalMandatory Data RetentionPrivacyThe Fight Against Data Retention Mandates In Slovakiahttps://www.eff.org/es/fighting-data-retention-mandates-slovakia
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p dir="ltr"><span></span>EFF welcomes a strong voice in the fight against data retention mandates: on Wednesday, a group of Slovak MPs <a target="_blank" href="http://www.eisionline.org/index.php/projekty-m/data-retention-m/49-slovak-case-on-data-retention">filed a complaint</a> challenging the constitutionality of Slovakia's mandatory data retention law. The law compels telcos and ISPs to monitor the communications of all citizens including those not suspected or convicted of any crime, and in case law enforcement officials demand them for any reason.</p>
<p dir="ltr">The complaint also requests that, if necessary, the court should challenge the validity of the larger European data retention directive before the Court of Justice of the European Union. The Data Retention Directive, adopted in 2006, forces Member States of the European Union to adopt laws that would compel ISPs and telecommunications service providers operating in Europe to collect and retain a subscriber's incoming and outgoing phone numbers, IP addresses, location data, and other key telecom and Internet traffic data for a period of 6 months to 2 years.</p>
<p><a target="_blank" href="http://www.eisionline.org/index.php/projekty-m/data-retention-m/49-slovak-case-on-data-retention">The European Information Society Institute</a> (EISi), the Slovak research center which authored the complaint, has championed this battle for the last two years. In a statement, Martin Husovec, the lawyer of the EISi says,</p>
<blockquote><p>After the General Prosecutor's Office twice rejected our request to file this complaint before the Slovak Constitutional Court, we had no other option that to prepare the template submission before the Constitutional Court ourselves and address the MPs. The liberal MP, Martin Poliačik, took a lead and persuaded other MPs. After two years of our hard work, we now have the case before the Constitutional Court.</p></blockquote>
<p>A mass untargeted collection of communications records of ordinary, non-suspected people<span> can not be tolerated where freedom is valued</span>. Data retention mandates are a threat to privacy and anonymity, and have been proven to violate the privacy rights of millions of Europeans. And some courts in Europe have already agreed.</p>
<p dir="ltr">The Czech Constitutional Court <a href="http://www.edri.org/czech-decision-data-retention">declared</a> in March 2011 that the Czech mandatory data retention law was unconstitutional. Earlier, in January 2012, the same Court dealt <a href="http://husovec.blogspot.com/2012/01/czech-constitutional-court-gives.html">another blow</a> to data retention by annulling part of the Criminal Procedure Code, which would have enabled law enforcement access to data stored voluntarily by operators. Most importantly, the Czech Court used compelling language in articulating the importance of the protection of traffic data. The Court stated that the collection of traffic data and communication data warranted identical legal safeguards since both have the same "intensity of interference". However, a new data retention bill <a target="_blank" href="http://www.edri.org/edrigram/number10.15/czech-republic-new-data-retention-law">seeks to find its way back</a> into the Czech legal framework, and is waiting for the President's signature.</p>
<p>In March 2010, a German Court <a href="http://www.edri.org/edrigram/number8.5/german-decision-data-retention-unconstitutional">declared</a> unconstitutional the German mandatory data retention law. The Court ordered the deletion of the collected data and affirmed that data retention could "cause a diffusely threatening feeling of being under observation that can diminish an unprejudiced perception of one's basic rights in many areas." The lawsuit was brought on by <a href="http://www.edri.org/edrigram/number6.5/germany-data-retention">34,000 citizens</a> through the initiative of <a href="https://www.vorratsdatenspeicherung.de/">AK Vorrat</a>, the German working group against data retention.</p>
<p dir="ltr">In Ireland, the Court <a href="http://edri.org/edrigram/number8.10/data-retention-ireland-ecj">has referred</a> to the European Court of Justice the case challenging the legality of the overall data retention directive, thanks to a complaint brought by <a href="http://www.digitalrights.ie/2010/05/05/high-court-decision-on-our-data-retention-challenge/">Digital Rights Ireland</a>. The Irish Court acknowledged the importance of defining "the legitimate legal limits of surveillance techniques used by governments," and rightly emphasized that "without sufficient legal safeguards the potential for abuse and unwarranted invasion of privacy is obvious." <a href="http://edri.org/edrigram/number9.3/data-retention-un-lawful-cyprus">Courts in Cyprus</a> and <a href="http://edri.org/edri-gram/number6.24/bulgarian-administrative-case-data-retention">Bulgaria</a> have also declared their mandatory data retention laws unconstitutional.</p>
<p dir="ltr">EFF continues to fight for the repeal of the EU Data Retention Directive and oppose blanket untargetted mass surveillance proposals throughout the world.</p>
<p dir="ltr">References:</p>
<ul><li><a href="https://www.eff.org/node/58471">Opinion by the Supreme Court of the Czech Republic regarding the constitutionality of the Czech Republic's implementation of the Data<br />
Directive</a>.</li>
<li><a target="_blank" href="https://www.eff.org/node/58472">Opinion by the Romanian Supreme Court regarding the constitutionality of Romania's implementation of the Data Directive.</a></li>
<li><a target="_blank" href="https://www.eff.org/node/58470">Opinion by the Irish Supreme Court regarding the constitutionality of Ireland's implementation of the Data Directive</a>.</li>
<li><a target="_blank" href="https://www.eff.org/node/58482">EDRi Shadow Data Retention Report</a></li>
<li><a target="_blank" href="https://www.eff.org/deeplinks/2010/03/beginning-end-data-retention">The Beginning of the End of Data Retention</a></li>
<li><a target="_blank" href="https://www.eff.org/node/58014">EDRI, PI: Briefing for Members of the European Parliament on Data Retention (2005)</a></li>
</ul></div></div></div>Thu, 11 Oct 2012 06:13:03 +0000katitza72030 at https://www.eff.orgCommentaryInternationalInternational Privacy StandardsMandatory Data RetentionPrivacyPrivacy News Roundup: Facebook, Facewatch, Data Retention About-Facehttps://www.eff.org/es/deeplinks/2012/10/privacy-news-roundup-facebook-face-cctv-activism-and-police-wish-list
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><b>Game Over for Automatic Facebook Tag Suggestion in Europe</b></p>
<p>In a victory for consumer privacy, Facebook has agreed to suspend the automatic use of its facial-recognition tool in Europe. The tool suggests people to tag in users’ photographs when registered users upload them to Facebook pages. Facebook Europe has agreed that by Oct. 15, it will give EU users the choice as to whether to allow the use of facial recognition software.</p>
<p>The “tag suggestion” tool gives Facebook the ability to build a “signature” of an individual’s face, based on photos in which they have been tagged. Face.com <span>–</span> an Israeli company that Facebook <a href="https://www.eff.org/mention/facebook-acquires-facial-recognition-startup-may-broaden-tagging-ability">acquired in June</a>, which has <a href="http://face.com/research/faceR2011b.html">stated</a> that it has 31 billion face images profiled<a></a> <span>– </span>developed the software. Facebook also agreed to delete all facial recognition data it stores about its European users.</p>
<p>Facebook made the announcement in response to an investigation by the <a href="http://dataprotection.ie/viewdoc.asp?DocID=1233&amp;m=f">Irish Data Protection Commission</a> (DPC) as to whether its practices adhere to a series of recommendations the DPC made last December to ensure that the social network company was in compliance with European privacy laws and taking measures to protect users' privacy rights.</p>
<p>Here in the U.S., EFF has urged Congress to <a href="https://www.eff.org/deeplinks/2012/07/eff-urges-congress-protect-privacy-face-recognition">protect privacy in face recognition</a>. Here’s an excerpt from EFF Staff Attorney Jen Lynch’s <a href="https://www.eff.org/document/testimony-jennifer-lynch-senate-committee-judiciary-subcommittee-privacy-technology-and-law">testimony</a>:</p>
<blockquote><p>“Face recognition is here to stay, and, though many Americans may not realize it, they are already in a face recognition database. Facebook refuses to say how many face prints it has in its database and whether it creates a face print for photos of non-Facebook users. However, given that Facebook has approximately 170 million active monthly users in the United States alone, at least 54% of the United States population already has a face print.”</p></blockquote>
<p><b>Freedom Not Fear Spurs New International Effort</b></p>
<p>The international <a href="https://www.eff.org/deeplinks/2012/09/creating-surveillance-free-internet-movement-freedom-not-fear">Freedom Not Fear</a> week of action, which wrapped up Sept. 17, brought activists together from Brussels to Sydney for protest events and workshops to highlight and challenge surveillance trends. Organizations from 11 European Union member states gathered for workshops in Brussels, and European Data Protection Supervisor Peter Hustinx met with advocates to discuss the upcoming European Union Data Protection Reform. He also delivered a detailed explanation of his interpretation of the “Freedom Not Fear” motto, saying, “Fear is always a bad adviser.”</p>
<p>A result of the gathering was the creation of a new International Working Group on Video surveillance. As EFF <a href="https://www.eff.org/deeplinks/2012/09/freedom-not-fear-cctv-surveillance-cameras-focus">has explained before</a>, closed circuit television cameras (CCTV) are becoming increasingly ubiquitous in the United Kingdom, and the introduction of a tool called <a href="http://facewatch.co.uk/cms/">Facewatch</a> that is being used to target rioters in the London protests has activists especially concerned. The new working group has announced a campaign to react to the latest developments in privacy-intrusive technology, and targeting Facewatch is a high priority.</p>
<p>"The idea of 'Freedom Not Fear' is to give citizens and civil rights groups time and a place for networking in order to strengthen their engagement and personal efforts," says Michael Ebeling, part of the Freedom Not Fear organizing team. "We are glad that we are moving forward with this, bringing people from different countries together."</p>
<p><b>Australian Law Enforcement Pushing for Data Retention </b></p>
<p>Ongoing hearings are underway at the Australian Parliament about a package of <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/index.htm">National Security Inquiry</a> proposals that would revise telecommunications interception laws and make it easier for law enforcement to eavesdrop on telephone and Internet communications. At a recent hearing, Australian police commissioners <a href="http://www.theage.com.au/technology/technology-news/police-want-phone-web-data-kept-indefinitely-20120926-26kj2.html">told members of Parliament</a> they thought telecoms and Internet service providers should be required to store users’ digital communications for two full years, and that they wanted to help draft formal legislation to that effect. An <a href="http://www.theage.com.au/technology/technology-news/police-want-phone-web-data-kept-indefinitely-20120926-26kj2.html#ixzz27j3jwkzL">article</a> in an Australian publication called The Age suggests that police wanted data retention to extend even farther than the two-year time span:</p>
<blockquote><p>[Australian Federal Police Commissioner Tony Negus] told the inquiry in Sydney that police would "ideally" prefer the information be held by telecommunication companies indefinitely, so it could be accessed by police at any time.</p>
<p>"The two-year proposal ... we could live with," he said. "It certainly wouldn't be ideal, but we could live with [it]."</p></blockquote>
<p>The initial package of proposals, which was submitted by Australian Attorney General Nicola Roxon, contained only a very vague mention of a proposed data retention framework. Roxon submitted a <a href="http://www.aph.gov.au/Parliamentary_Business/Committees/House_of_Representatives_Committees?url=pjcis/nsl2012/additional/letter%20from%20ag%20to%20pjcis%20clarifying%20tor.pdf">letter</a> to “clarify” the proposal on Sept. 19, leaving open the exact framework yet quoting extensively from the European Union Data Retention Directive, a policy instrument that EFF has joined international privacy advocates in <a href="https://www.eff.org/issues/mandatory-data-retention">opposing</a>. The directive has been met with widespread resistance and has been found to be <a href="https://www.eff.org/issues/mandatory-data-retention/eu">unconstitutional</a> by several European courts.</p>
<p>Privacy advocates have criticized Roxon for withholding more detailed information about the mandatory data retention proposal until after civil society had submitted formal responses to Parliament based on the vague wording in her initial discussion paper. In late July, Roxon even <a href="http://www.smh.com.au/technology/technology-news/roxon-doubts-over-security-plans-to-store-web-history-20120720-22fel.html">told reporters</a> that the "case has yet to be made" for the controversial data retention proposal. EFF will continue monitoring the status of the National Security Inquiry and data retention proposals in Australia.</p>
</div></div></div>Mon, 01 Oct 2012 17:11:26 +0000rbowe71961 at https://www.eff.orgInternationalMandatory Data RetentionPrivacyPrivacy Rights Activism in Latin Americahttps://www.eff.org/es/deeplinks/2012/09/privacy-activism-latin-america
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p><em>This article has been co-written with <a href="http://globalvoicesonline.org/author/renata-avila/">Renata Avila-Pinto</a>.</em></p>
<p>Throughout Latin America, new surveillance practices threaten to erode individuals' privacy, yet there is limited public awareness about the civil liberties implications of these rapid changes. Some countries are pursuing <a href="http://www.article19.org/resources.php/resource/3432/en/brazil:-draft-computer-crime-bill">cybercrime</a> policies that seek to increase law enforcement power without strong legal safeguards. In other nations, <a href="https://www.eff.org/deeplinks/2012/01/biometrics-argentina-mass-surveillance-state-policy">government-run biometric identification systems</a> are on the rise, while certain governments are <a href="http://www.wired.com/dangerroom/2012/03/mexico-drones/">even turning to drones</a> to aid in their surveillance activities. A <a href="../../../../../../../../%20https://www.eff.org/deeplinks/2012/07/mexicans-need-transparency-secret-surveillance-contracts%20http://www.palermo.edu/cele/cele-en-los-medios/delitos-informaticos.html">culture of secrecy</a> surrounds these surveillance practices, and citizens remain largely unaware of what types of information are being collected and how it is being used against them. </p>
<p>For Latin American privacy advocates, all of this makes for an uphill battle. There are relatively few NGOs working in the region specifically on privacy and surveillance, and the lack of specialization is further complicated by a pervasive societal attitude that security trumps privacy. Despite the inherent difficulties, the fledgling privacy movement has been working tirelessly to shed light on overarching surveillance practices and to preserve civil liberties in the face of these changes. Social media and blogs have made a huge impact in activism work in several countries throughout the region.</p>
<p>Below, we present a quick snapshot of some privacy groups, academic institutions, and dedicated individuals working in the field.</p>
<p><b>Advocacy by specialized NGOs </b></p>
<p>Let’s begin with <a href="http://www.vialibre.org.ar/">Via Libre Foundation</a>. An Argentinian digital rights advocacy group founded in 2000, Via Libre has advocated against mandatory biometric identification systems and data retention mandates. Via Libre has challenged Argentina's "electronic crime" bill, fighting draconian provisions to limit coders rights. Via Libre <a href="https://www.eff.org/deeplinks/2012/09/freedom-not-fear-argentina-edition">has also trained</a> activists and journalists on secure communications, such as mastering the use of encryption and anonymity tools. </p>
<p>In Brazil, <a target="_blank" href="https://meganao.wordpress.com/o-mega-nao/">Movimiento Mega Nao</a> is a grassroot movement responding to threats to Internet rights. Mega Nao recently fought an invasive cybercrime bill by advocating a civil rights framework for the Internet that includes safeguards for free expression and privacy. The Brazilian Institute of Consumer Protection (IDEC) <a href="http://www.idec.org.br/mobilize-se/campanhas/consumidores-contra-o-pl-azeredo#6which">has also launched</a> a similar campaign. <a href="http://www.idec.org.br/">IDEC</a>, which was founded in 1987, specializes in consumer privacy and other Internet-related issues. Another important Brazilian NGO, Instituto NUPEF, educates policymakers and civil society on Internet rights, including privacy. <a href="../../../../../../../../%20http://www.nupef.org.br/?q=node/1">NUPEF</a> also publishes a specialized <a href="http://www.politics.org.br/">Internet policy magazine</a>.</p>
<p>In Chile, the NGO Derechos Digitales has, since 2005, worked to promote <a href="http://www.derechosdigitales.org/2012/04/26/reincidencia-policial-pdi-no-respeta-el-derecho-a-la-vida-privada/">human rights</a> in the digital environment and <a href="../../../../../../../../%20http://www.derechosdigitales.org/2010/10/13/ong-derechos-digitales-expresa-necesidad-que-proveedores-de-internet-sean-garantes-de-privacidad-de-usuarios/">advocate</a> for more balanced copyright laws. On the privacy front, <a href="http://www.derechosdigitales.org/2010/10/15/policia-de-investigaciones-de-nuevo-vulnera-privacidad-en-internet/">Derechos Digitales</a> has defended <a href="http://www.derechosdigitales.org/2012/07/23/notemasainternet-vigilancia-en-la-red-que-significa-monitorear-y-detectar-contenidos-en-internet/">bloggers</a> and <a href="http://www.derechosdigitales.org/2010/07/10/huelga-cl-protege-la-privacidad-de-sus-usuarios/">small Internet companies</a> from warrantless demands for private user information. Relatively new NGOs, such as <a href="http://ongmeta.org/noticias/participacion-de-ong-meta-en-mesa-de-proteccion-de-datos/">ONG Meta</a>, <a href="http://www.canal-tecnologico.com/index.php?option=com_content&amp;view=article&amp;id=1438:alfredo-velazco-reglamento-usuarios-internet-ecuador&amp;catid=35:canaltec&amp;Itemid=57">Internet users Association</a> (Ecuador) and Fundación Proacceso (Venezuela), are also working on privacy in the region.</p>
<p>In Latin America, the <a href="http://www.apc.org/en/about/programmes/communications-and-information-policy-latin-americ">Association for Progressive Communication's activities</a> include research, policy analysis, and capacity building in the area of human rights on the Internet. APC has developed an <a href="http://www.apc.org/en/node/5677/">Internet rights charter</a> to guide Internet policy development. In 2011, APC compiled stories on <a href="http://rights.apc.org/">human rights abuses</a> in the region, which it published in its annual project <a href="http://www.giswatch.org/">Global Information Society Watch</a> (GISWatch). Since 2008, APC, NUPEF and others have been organizing <a href="http://www.lacigf.org/en/lacigf5/index.html">an annual regional preparatory meeting</a> for the United Nations Internet Governance Forum (IGF).</p>
<p>There are also longstanding human rights NGOs who are beginning to focus more on Internet policy (including privacy). For instance: civil rights advocates Asociación por los Derechos Civiles (ADC, or Civil Rights Association in English) in Argentina, has now begun turning its attention to Internet freedom. This group of Argentinean lawyers works on defending free expression and access to information at the national level and within Inter American Human Rights System. <a href="http://www.ipys.org/comunicado/38">Instituto Prensa y Sociedad (IPYS)</a>, an NGO working on investigative journalism, freedom of expression, and access to public information in Latin America, has long been <a href="http://www.ifex.org/peru/2012/01/30/phone_tapping_investigation/es/">fighting government</a> <a href="http://www.andina.com.pe/Espanol/Noticia.aspx?id=2kShr4+R/P4=">surveillance</a> and protecting journalists' free expression rights. Like IPYS, <a href="http://www.aprodeh.org.pe/index.php?option=com_content&amp;view=article&amp;id=225&amp;Itemid=185">Asociación Pro Derechos Humanos</a> (Aprodeh) has challenged illegal government surveillance in Peru during the Presidency of Alberto Fujimori. Fujimori has since been jailed for human rights violations after being tried for violating the secrecy of communication and other human rights abuses during his Presidency. It marked the first time a democratically elected former president was prosecuted at home for serious human rights violations, including the violation of privacy.</p>
<p>In 2007, <a href="http://www.article19.org/pages/en/latin-america-programme.html">ARTICLE 19</a> regionalized, moving from a single office to a growing number of regional offices supported by an international office in London. Article 19 in Latin American does litigation in precedent-setting cases defending free speech, and makes recommendations for improvement of draft laws. The organization has also called attention to the civil liberties implications of <a target="_blank" href="http://www.article19.org/resources.php/resource/3389/en/brazil:-civil-rights-framework-for-the-internet">cybercrime proposals</a> under discussion in the region. In Venezuela, a human rights organization called <a href="http://espaciopublico.org/index.php/eventos/109-novedades/2469-taller-investigacion-y-seguridad-en-el-entorno-digital">Espacio Publico</a> is working to protect freedom of expression and access to information, while also offering trainings in privacy and security.</p>
<p><b>Academia</b></p>
<p>Brazil is one of the most advanced countries in the region working on Internet policy research, and the <a href="http://direitorio.fgv.br/cts/">Center for Technology and Society</a> at Getulio Vargas Foundation remains one of the most important groups exploring Internet policy, including privacy and surveillance. The <a href="http://www.gpopai.usp.br/wiki/index.php/Publica%C3%A7%C3%B5es">Research Group on Public Policies for Access to Information of the University of São Paulo</a> has also published good analysis on <a href="http://www.gpopai.usp.br/wiki/index.php/Sobre_o_Gpopai">privacy and surveillance </a>policies. The <a href="http://www.palermo.edu/cele/english/index.html">Center for Studies on Freedom of Expression and Access to Information</a> (CELE) in Argentina has also pioneered research on freedom of expression and privacy issues. </p>
<p><b>Voices in new territories</b></p>
<p>There is also a group of dedicated individuals, academics and bloggers with technical and legal backgrounds in the region who've dedicated time and effort to exploring the topics and increasing awareness on Internet policy.</p>
<p>Individuals with expertise in this area include Victor Chapela, <a target="_blank" href="http://www.humanrightsgeek.blogspot.com/">Jose Luis Fernando Garcia</a>, Helios Mier and Cristos Velasco in Mexico; Oscar Montezuma, <a target="_blank" href="http://www.hiperderecho.org/delitosinformaticos/">Miguel Morachimo</a>, and <a target="_blank" href="http://www.infos.pe/about/marco-sifuentes/">Marco Sifuentes</a> in Peru; <a href="http://www.technollama.co.uk/?s=privacy">Andres Guadamuz</a> in Costa Rica; <a href="http://www.elespectador.com/impreso/opinion/columna-329712-proteccion-de-datos-personales">Carolina Botero</a>, <a target="_blank" href="http://www.habeasdata.org.co/">Nelson Remolina</a> in<a href="http://www.karisma.org.co/carobotero/index.php/2011/04/11/equinoxio-3-peros-de-la-ley-lleras/"> Colombia</a>, <a target="_blank" href="http://www.habeasdataorg.cl/">Renato Jijena</a> in Chile; <a target="_blank" href="http://www.habeasdata.org/">Pablo Palazzi</a> in Argentina; Pablo, Renato, Nelson and Danilo Doneda (Brazil) co-directed La <a href="https://www.rlpdp.com.ar">Revista Latinoamerica de Proteccion de Datos Personales</a> (Latin American Magazine on Personal Data Protection). Carolina Flores, based in Costa Rica, published a guide to protect the privacy and security of human rights activists and discusses related issues <a href="../../../../../../../../%20%20http://piensalibre.net/tics/">on her blog</a>. Cedric Laurant, while based in Colombia, published <a href="http://blog.cedriclaurant.org/2012/01/09/guia_de_privacidad_para_hispanohablantes_2012/">The Privacy Guide for Spanish Speakers</a>. </p>
<p>There are also several hacker spaces in Latin America such as <a target="_blank" href="http://hacklab.espora.org/">Hacklab Autonomo</a> in Mexico DF or <a target="_blank" href="http://escuelab.org/">Escuela Lab in Peru</a>. There is also a strong free software community that gets the word out via the <a target="_blank" href="http://www.fsfla.org/svnwiki/">Free Software Foundation in Latin America</a> when privacy threats arise.</p>
<p><a href="http://advocacy.globalvoicesonline.org/?p=9466">Global Voices Advocacy</a> also reports regularly about privacy topics in Latin America, both in regular articles and in its Latin American Netizen report.</p>
<p><strong>Conclusion</strong></p>
<p>Privacy activism in Latin America is on the rise, and several countries still lack strong civil society groups working in this area. In Central America and the Caribbean, online privacy and surveillance remain largely unexplored topics, disconnected from the larger human rights agenda. Human rights NGOs in the region tend to prioritize traditional human rights causes such as health, education, citizen security and ongoing battles surrounding forced disappearances and torture. While privately funded organizations work passionately on privacy-related topics, privacy is not their sole priority. Unpaid volunteers are driving much of this activism, and the organizations struggle with limited resources.</p>
<p>Despite these challenges and limited coverage of their efforts in the mainstream media, support for their campaigns has continued to grow. EFF will continue to work alongside civil society groups in Latin America, and to help their efforts by sharing knowledge on core Internet rights issues with policymakers throughout the region.</p>
<p> </p>
</div></div></div>Mon, 24 Sep 2012 18:39:19 +0000katitza71896 at https://www.eff.orgCommentaryInternationalBiometricsInternational Privacy StandardsMandatory Data RetentionPrivacyUK Snoopers’ Charter Draws Sharp Critique from Global Advocateshttps://www.eff.org/es/deeplinks/2012/09/uk-snoopers-charter-draws-sharp-critique-global-advocates
<div class="field field--name-body field--type-text-with-summary field--label-hidden"><div class="field__items"><div class="field__item even"><p>The United Kingdom’s <a href="http://www.official-documents.gov.uk/document/cm83/8359/8359.asp">draft Communications Data Bill</a>, more commonly known as the Snoopers’ Charter, has drawn a sharp critique from the <a href="http://www.globalnetworkinitiative.org/">Global Network Initiative</a> (GNI). In a submission to the UK Parliament’s Communications Data Bill Joint Scrutiny Committee, the organization outlined serious concerns with the proposed legislation, which would expand governmental powers to access the online communications of all UK citizens.</p>
<p>GNI is a coalition of companies, civil society organizations (including EFF), investors and academics working collaboratively to advance freedom of expression and privacy in the Information Communications and Technology (ICT) sector.</p>
<p>GNI outlined several serious concerns with the draft legislation, which has prompted <a href="http://www.openrightsgroup.org/campaigns/cdb">fierce opposition</a> from privacy advocates, <a href="https://www.eff.org/deeplinks/2012/06/uk-mass-surveillance-bill-return-bad-idea">including EFF</a>.</p>
<p>One major problem is that the UK Snoopers' Charter contains a provision requiring the generation of data specifically and only for law enforcement access, making it even more extreme than the highly problematic <a href="https://www.eff.org/issues/mandatory-data-retention/eu">EU Data Retention Directive</a>, which EFF is working to repeal. From the GNI <a href="https://www.globalnetworkinitiative.org/news/gni-comments-uk-draft-communications-data-bill">submission</a>:</p>
<blockquote><p>The bill broadens the collection and retention of new data on anyone in the UK using communications services. This includes requirements to generate data—not required for business purposes and not routinely collected by providers—specifically and only for the purpose of law enforcement access. This provision goes beyond the existing requirements under the Regulatory and Investigatory Powers Act (RIPA) and the EU’s Data Retention Directive.</p></blockquote>
<p>Furthermore, not only would the Snoopers’ Charter further erode the privacy rights of its UK citizens, GNI pointed out, it could set a negative precedent that would give authoritarian regimes a model to point to when seeking to justify surveilling their own citizens. Such an outcome could have grave consequences for human rights.</p>
<blockquote><p>This … could set a powerful precedent for repressive regimes to follow when seeking to justify surveillance on their own populations. Regimes attempt to claim legitimacy for their actions when they are able to point to similar requirements, even if only in the form of policy statements or draft legislation, in leading democratic nations. An example of exactly this type of reaction came from China in response to statements made in Parliament by the Prime Minister David Cameron in the days following the riots in 2011 around the need to consider placing limits on social networks and allowing greater government access to user communications in certain circumstances.</p></blockquote>
<p>And while the draft Communications Data Bill seeks to require providers to store communications data, rather than content, of users’ communications, GNI pointed out that such a distinction isn’t always so clear-cut. What's more is that in some cases, access to communications data can be just as privacy-invasive.</p>
<blockquote><p>Technological advances are also blurring the distinction between communications data and content that is at the heart of this Bill. For example, the URL for a web address can provide considerable access to information about the type of content the user is viewing. Stakeholders must be reassured that communications data could be reliably extracted without also disclosing content. Taken alongside the expanded scope of data collection for anyone using communications services in the UK this must be considered when assessing the proportionality of the proposals.</p></blockquote>
<p>GNI also flagged problems with the bill’s assertion of jurisdiction over communications service providers based outside the UK, in cases where UK-based users access the services.</p>
<blockquote><p>The draft Bill could provide unintended justification for actions by other governments. … Even if other jurisdictions do not enact similar or contrary laws, UK citizens’ data could still be at jeopardy. Once other governments become aware of the storage of this additional communications data, law enforcement entities in other jurisdictions will seek to obtain it as well. If ICT companies are required to obtain and retain communications data for UK residents law enforcement entities in other jurisdictions could have a legitimate claim to seek access to it. Non-UK law enforcement entities may either try to obtain it through UK law enforcement or by exerting pressure on companies to release the data without UK cooperation.</p></blockquote>
<p>Finally, GNI highlighted the specific problems with a reserve power proposed in the bill, which would empower the UK Home Secretary to require UK providers to capture and retain data (specifically and only for law enforcement purposes) in cases where the requirements were unable to be imposed on a non-UK provider.</p>
<blockquote><p>Setting aside the technical challenges of whether this can be done ... this requirement could have the effect of increasing pressure on non-UK providers to cooperate with law enforcement in informal, voluntary agreements. In contrast, GNI’s Implementation Guidelines commit companies to encourage governments to be “specific, transparent and consistent in the demands, laws, and regulations” they issue.</p></blockquote>
<p>EFF remains deeply concerned about the UK Snoopers Charter and will continue working in tandem with privacy advocates in the UK to challenge this privacy-invasive legislation.</p>
</div></div></div>Mon, 17 Sep 2012 22:00:45 +0000rbowe71847 at https://www.eff.orgInternationalUK Investigatory Powers BillMandatory Data RetentionThe Global Network InitiativePrivacy